TLS_CACERTDIR     /etc/openldap/certs
TLS_REQCERT       demand
TLS_CRLCHECK      all
TLS_CIPHER_SUITE  HIGH:!TLSv1:!SSLv3!aNULL
TLS_PROTOCOL_MIN  3.3
