Only allow TLS 1.2 and above
This can be accomplished by adding TLS_PROTOCOL_MIN 3.3
to /etc/openldap/slapd.conf. Perhaps you can also add TLS_CIPHER_SUITE ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!EXP:!SSLV2:!eNULL
but it should not be needed.
This should not affect ClearOS itself, as localhost only listens on port 389, which does not require TLS. The issue is that it forces any apps connecting to the ClearOS LDAP to also use TLS 1.2 or above, and this is a danger.
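A way to check that the setting is actually in place, as an added example (not ClearOS or OpenLDAP code): the script below reads slapd.conf text, finds the minimum-protocol setting, and reports whether it meets the 3.3 (TLS 1.2) floor. It accepts both the spelling used above and the TLSProtocolMin keyword documented in slapd.conf(5); the function names and the sample configurations are constructed for illustration.

```python
import re

# SSL/TLS protocol version numbers in the major.minor form the setting takes.
TLS_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
             (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
# Spelling used on this page, plus the keyword documented in slapd.conf(5).
MIN_KEYS = {"tls_protocol_min", "tlsprotocolmin"}
REQUIRED = (3, 3)  # TLS 1.2

def parse_min_protocol(conf_text):
    """Return the weakest minimum found as (major, minor), or None if unset."""
    floors = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#") or raw[0].isspace():
            continue  # blank line, comment, or continuation line
        parts = raw.split()
        if parts[0].lower() in MIN_KEYS and len(parts) >= 2:
            m = re.fullmatch(r"(\d+)(?:\.(\d+))?", parts[1])
            if m:
                floors.append((int(m.group(1)), int(m.group(2) or 0)))
    # Assumption: if the setting appears more than once, audit the weakest one.
    return min(floors) if floors else None

def audit(conf_text):
    """Return (ok, message) for the 'TLS 1.2 and above' requirement."""
    floor = parse_min_protocol(conf_text)
    if floor is None:
        return False, "no minimum protocol version is set"
    name = TLS_NAMES.get(floor, "unknown version %d.%d" % floor)
    if floor < REQUIRED:
        return False, "minimum is %s, older than TLS 1.2" % name
    return True, "minimum is %s" % name

# Constructed sample configurations (not taken from a real ClearOS system).
SAMPLE_OK = "TLSCertificateFile /path/to/cert.pem\nTLS_PROTOCOL_MIN 3.3\n"
SAMPLE_WEAK = "TLSProtocolMin 3.1\n"
SAMPLE_UNSET = "# TLS_PROTOCOL_MIN 3.3\nTLSCertificateFile /path/to/cert.pem\n"

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK),
                        ("unset", SAMPLE_UNSET)):
        print(label, audit(text))
```

The commented-out line in the third sample is reported as unset, which is the case most easily missed when reviewing a configuration by eye.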