diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/db/configuration/migrate/ldapssl 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-ldap-5.6.0/root/etc/e-smith/db/configuration/migrate/ldapssl 2020-05-02 22:48:23.524000000 -0400
@@ -0,0 +1,7 @@
+{
+
+ #this has been replaced by TLSProtocolMin with new default
+ $DB->get_prop_and_delete('ldap', 'SSLv3');
+
+
+}
diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
--- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:09:29.239000000 -0400
+++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-05-02 22:25:24.714000000 -0400
@@ -1,6 +1,16 @@
-TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
-TLSProtocolMin { ($ldap{SSLv3} || 'disabled') eq 'enabled' ? '3.0' : '3.1' }
+TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
+TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
+if ( $TLSProtocolMin eq 'SSLv3' ){
+ $OUT = " 3.0";
+} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
+ $OUT = " 3.1";
+} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
+ $OUT = " 3.2";
+} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
+ $OUT = " 3.3";
+}
+}
 TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
 TLSCertificateFile /var/service/ldap/ssl/slapd.pem
 TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
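Review bot: The comment above `$DB->get_prop_and_delete('ldap', 'SSLv3');` in the new migrate fragment does not say that a stored `enabled` value is discarded rather than carried over into `TLSProtocolMin`. A site that previously allowed SSLv3 therefore moves to the new default minimum with nothing in the configuration recording why older clients stop connecting. If dropping the value is the intent, say so in the comment, e.g. `# SSLv3 is superseded by TLSProtocolMin; an old 'enabled' value is deliberately dropped so the new default applies`.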
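Review bot: The if/elsif chain in the `TLSProtocolMin` fragment of 12tls has no final `else`, so a `TLSProtocolMin` property holding any other string (a typo, different capitalisation, or `TLSv1.3`) never assigns `$OUT` and the directive is rendered without one of the four version numbers. How slapd treats such a line is not visible from this hunk, and a setting that guards against protocol downgrade should not depend on it. Close the chain with `} else { $OUT = " 3.3"; }` so unrecognised values fall back to the TLSv1.2 default. `SSLv3` also remains an accepted value mapping to `3.0`; a comment marking that branch as legacy-only would help anyone auditing the template.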