More Information in case anyone is following this:
The problem is for me DES-CBC3-SHA is used by Ontap 8.2.4 to establish TLS communications. This is a cipher used by TLS1 and SSLV3. The problem is Openssl has just regraded all 3DES from HIGH to MEDIUM. This is causing this cipher to become unavailable to the LDAP servers and hence the Ontap 8.2.4 which uses it to establish TLS. Which now can nolonger communicate to our corporate LDAP servers securely. As a corporate we BAN LOW / MEDIUM ciphers + SSlv2/3 . TLS1 is allowed but only just ! TLS1.2 is preferred however ontap 8.2.4 does not support TLS1.2.
I see this problem only getting worse as different vendors roll out the openssl changes for 3DES. My servers are Ubuntu and Solaris. Ubuntu being very quick to rollout the new patches are failing today. I expect the Solaris LDAP servers to also stop talking to Ontap 8.2.4 over TLS once new patches are applied.
Currently I see the options being:
1) Run non-ssl, which is crazy. But crazier still it will pass a corporate scan !!
2) Enable DES-CBC3-SHA then Risk accept the issue we move in 2017 to a new NETAPP with Ontap 9.x which can offer TLS 1.2 and other cipher suites.