Skip to content

Commit 1c6953b

Browse files
BertrandGounyBertrandGouny
authored
Update README.md
1 parent f755a4c commit 1c6953b

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -248,11 +248,11 @@ Backend:
248248
Help: http://www.openldap.org/doc/admin24/backends.html
249249

250250
TLS options:
251-
- **LDAP_TLS**: Add openldap TLS capabilities. Defaults to `true`
251+
- **LDAP_TLS**: Add openldap TLS capabilities. Can't be removed once set to true. Defaults to `true`.
252252
- **LDAP_TLS_CRT_FILENAME**: Ldap ssl certificate filename. Defaults to `ldap.crt`
253253
- **LDAP_TLS_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key`
254254
- **LDAP_TLS_CA_CRT_FILENAME**: Ldap ssl CA certificate filename. Defaults to `ca.crt`
255-
- **LDAP_TLS_ENFORCE**: Enforce TLS. Defaults to `false`
255+
- **LDAP_TLS_ENFORCE**: Enforce TLS. Can't be disabled once set to true. Defaults to `false`.
256256
- **LDAP_TLS_CIPHER_SUITE**: TLS cipher suite. Defaults to `SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC`, based on Red Hat's [TLS hardening guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Hardening_TLS_Configuration.html)
257257
- **LDAP_TLS_VERIFY_CLIENT**: TLS verify client. Defaults to `demand`
258258

0 commit comments

Comments
 (0)