We have a Server 2008 R2 box that we have installed a certificate on to enable LDAP over SSL. The encryption works fine for some devices, but others cannot connect. Cisco says this is because our Suite B certifcate using SHA 384 is forcing the system to only use TLS 1.2 encryption methods and they only support TLS 1.0 and 1.1 on the devices we have. I have a few questions about this: 1) How can I tell which ciphers are supported by my Server 2008 R2 SP1 system using the certificate I have installed? 2) Are all Secure LDAP connections negotiated using TLS 1.0. That is the way it looks in Wireshark, but Cisco says we are using TLS 1.2. How can I verify for sure. 3) Is the version of TLS used by Secure LDAP configurable. I can fix this using a modified template that uses SHA1, but would like to stay at SHA384 if possible.

Hi, Thanks for posting in Microsoft TechNet forums. As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Elytis ChengElytis Cheng TechNet Community Support