cyrus-sasl2 2.1.28 has commit ... which makes it use openssl
for RC4.
debian/sid now has openssl3, which deprecated RC4 and made it part of
the legacy provider. Which means that by default it won't be
available, unless the application enables the legacy provider, or if
said provider is enabled via a system-wide openssl configuration.
Those two facts combined mean digest-md5, which uses RC4 if the SSF
layer is set to use encryption, is currently unavaliable to
applications using the cyrus-sasl2 library, such as openldap:
...
cyrus-sasl2 upstream landed[4] a few commits to address this and other
things, among which:
...
4. https://github.com/cyrusimap/cyrus-sasl/pull/653/commits