diff --git a/docs/sts/ldap.go b/docs/sts/ldap.go
index 225b6206b..1f753f032 100644
--- a/docs/sts/ldap.go
+++ b/docs/sts/ldap.go
@@ -80,7 +80,7 @@ func main() {
 if sessionPolicyFile != "" {
 var policy string
 if f, err := os.Open(sessionPolicyFile); err != nil {
- log.Fatalf("Unable to open session policy file: %v", sessionPolicyFile, err)
+ log.Fatalf("Unable to open session policy file %s: %v", sessionPolicyFile, err)
 } else {
 bs, err := io.ReadAll(f)
 if err != nil {
@@ -124,7 +124,7 @@ func main() {
 // Use generated credentials to authenticate with MinIO server
 minioClient, err := minio.New(stsEndpointURL.Host, opts)
 if err != nil {
- log.Fatalf("Error initializing client: ", err)
+ log.Fatalf("Error initializing client: %v", err)
 }
 // Use minIO Client object normally like the regular client.
diff --git a/go.mod b/go.mod
index 9f03cbbc1..387b195ff 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 github.com/minio/madmin-go/v3 v3.0.59-0.20240725120704-3cfbffc45f08
 github.com/minio/minio-go/v7 v7.0.73
 github.com/minio/mux v1.9.0
- github.com/minio/pkg/v3 v3.0.10
+ github.com/minio/pkg/v3 v3.0.11-0.20240806150526-672ab5e3b458
 github.com/minio/selfupdate v0.6.0
 github.com/minio/simdjson-go v0.4.5
 github.com/minio/sio v0.4.0
diff --git a/go.sum b/go.sum
index dc0582391..2b7e05641 100644
--- a/go.sum
+++ b/go.sum
@@ -470,8 +470,8 @@ github.com/minio/mux v1.9.0 h1:dWafQFyEfGhJvK6AwLOt83bIG5bxKxKJnKMCi0XAaoA=
 github.com/minio/mux v1.9.0/go.mod h1:1pAare17ZRL5GpmNL+9YmqHoWnLmMZF9C/ioUCfy0BQ=
 github.com/minio/pkg/v2 v2.0.19 h1:r187/k/oVH9H0DDwvLY5WipkJaZ4CLd4KI3KgIUExR0=
 github.com/minio/pkg/v2 v2.0.19/go.mod h1:luK9LAhQlAPzSuF6F326XSCKjMc1G3Tbh+a9JYwqh8M=
-github.com/minio/pkg/v3 v3.0.10 h1:pYcMsmwlMyYRo+XX+7vlLSp+5PqjwBk0SyFAeFlS81E=
-github.com/minio/pkg/v3 v3.0.10/go.mod h1:QfWcz9jh3Qu0Xg1mVBKhBzIKj7hKB7vz61/9pR4ZZ9Q=
+github.com/minio/pkg/v3 v3.0.11-0.20240806150526-672ab5e3b458 h1:fi2tFSnHgi5nH7+Kyj4Ymh5E4cFgWk5eFiqe5wap2MM=
+github.com/minio/pkg/v3 v3.0.11-0.20240806150526-672ab5e3b458/go.mod h1:QfWcz9jh3Qu0Xg1mVBKhBzIKj7hKB7vz61/9pR4ZZ9Q=
 github.com/minio/selfupdate v0.6.0 h1:i76PgT0K5xO9+hjzKcacQtO7+MjJ4JKA8Ak8XQ9DDwU=
 github.com/minio/selfupdate v0.6.0/go.mod h1:bO02GTIPCMQFTEvE5h4DjYB58bCoZ35XLeBf0buTDdM=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
diff --git a/internal/config/identity/ldap/config.go b/internal/config/identity/ldap/config.go
index ea748c004..b0bd5c582 100644
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@@ -18,6 +18,7 @@
 package ldap
 import (
+ "crypto/tls"
 "crypto/x509"
 "errors"
 "sort"
@@ -25,6 +26,7 @@ import (
 "github.com/minio/madmin-go/v3"
 "github.com/minio/minio/internal/config"
+ "github.com/minio/minio/internal/fips"
 "github.com/minio/pkg/v3/ldap"
 )
@@ -189,9 +191,15 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
 return l, nil
 }
 l.LDAP = ldap.Config{
- RootCAs: rootCAs,
 ServerAddr: ldapServer,
 SRVRecordName: getCfgVal(SRVRecordName),
+ TLS: &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ NextProtos: []string{"h2", "http/1.1"},
+ ClientSessionCache: tls.NewLRUClientSessionCache(100),
+ CipherSuites: fips.TLSCiphersBackwardCompatible(), // Contains RSA key exchange
+ RootCAs: rootCAs,
+ },
 }
 // Parse explicitly set enable=on/off flag.
@@ -220,7 +228,7 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
 }
 }
 if v := getCfgVal(TLSSkipVerify); v != "" {
- l.LDAP.TLSSkipVerify, err = config.ParseBool(v)
+ l.LDAP.TLS.InsecureSkipVerify, err = config.ParseBool(v)
 if err != nil {
 return l, err
 }
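Review bot: `NextProtos: []string{"h2", "http/1.1"}` in the new `TLS` literal advertises HTTP ALPN identifiers on a connection that speaks LDAP, which looks carried over from an HTTP client configuration; unless the LDAP dialer needs it, I would drop that line so a directory server or TLS terminator that enforces ALPN does not reject or misroute the handshake. The `CipherSuites` line keeps RSA key exchange, as its own comment says, so sessions negotiated with those suites have no forward secrecy, and this channel presumably carries LDAP bind credentials. The comment should record why the backward-compatible list is needed here, for example `// RSA key exchange kept for legacy LDAP servers; no forward secrecy for those sessions`. `Lookup` starts and ends outside the hunk.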
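Review bot: The assignment to `l.LDAP.TLS.InsecureSkipVerify` dereferences the `TLS` pointer, so it is only safe while the `TLS: &tls.Config{...}` literal set earlier in `Lookup` is assigned on every path that reaches this line; the code between the two hunks is not visible, so that is worth confirming. With the flag on, the `RootCAs`, `MinVersion` and `CipherSuites` settings no longer authenticate the LDAP server, and nothing in the hunk records that. I would add a comment such as `// Turns off LDAP server certificate verification; the peer is then unauthenticated` and, if a logger is available in this package, log a warning when the parsed value is true. `Lookup` continues outside the hunk.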