Forum Discussion
Configuring SharePoint 2013 FBA with secure LDAP
We currently have a 2013 Farm with FBA configured to use LDAP authentication.
Due to the upcoming security changes to LDAP Default settings (see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190023), we need to enable secure LDAP communications for FBA.
I can find dozens of articles online about how to configure FBA, but they all use normal LDAP (i.e. port 389/no SSL). I have yet to find one enabling secure LDAP.
Example:
<membership>
  <providers>
    <add name="LdapMember"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider,
               Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral,
               PublicKeyToken=71e9bce111e9429c"
         server="dc.sharepoint.com"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="OU=SPUsers,DC=sharepoint,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
  <providers>
    <add name="LdapRole"
         type="Microsoft.Office.Server.Security.LdapRoleProvider,
               Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral,
               PublicKeyToken=71e9bce111e9429c"
         server="dc.sharepoint.com"
         port="389"
         useSSL="false"
         groupContainer="OU=SPUsers,DC=sharepoint,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree" />
  </providers>
</roleManager>
Is enabling secure LDAP as simple as changing the following?
- port="389" => port="636"
- useSSL="false" => useSSL="true"
Or are there settings elsewhere that need to be configured as well?
Update (5-Feb-2020):
So, I have partially answered my question.
In a test environment, I made the changes to use port 636 and set useSSL="true", but I still get the same log entry when logging in:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
So, I thought that perhaps I need to change the policies to "require signing" for the Server and Client. I adjusted the group policies, but it still logged the event, only with the added bonus of the logon failing.
So, now my question goes from "is it as simple as...?" to just "are there settings elsewhere that need to be configured as well?"
Thanks,
Eric
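Before changing web.config, it helps to confirm from a SharePoint server that the domain controller actually accepts the two kinds of bind involved here: a simple bind over LDAPS on 636 (what useSSL="true" needs) and a signed SASL bind on 389 (what a "require signing" policy needs). The script below is an added example, not code from the post; it uses the server name and domain from the post and assumes a test account supplied through Get-Credential.

```powershell
# Added example: probe the DC's LDAPS and LDAP-signing support independently of
# SharePoint. Server name and UPN suffix come from the post; the bind account
# is whatever Get-Credential returns (assumed to be a test user).
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [string]$Server = 'dc.sharepoint.com',
        [int]$Port,
        [bool]$UseSsl,
        [System.DirectoryServices.Protocols.AuthType]$AuthType,
        [System.Net.NetworkCredential]$Credential
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType   = $AuthType
    $conn.Credential = $Credential
    if ($UseSsl) {
        $conn.SessionOptions.SecureSocketLayer = $true
        # Show which certificate the DC presents, then apply normal chain validation.
        $conn.SessionOptions.VerifyServerCertificate = [System.DirectoryServices.Protocols.VerifyServerCertificateCallback]{
            param($c, [System.Security.Cryptography.X509Certificates.X509Certificate]$cert)
            $x = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
            Write-Host ("  cert subject={0} issuer={1} expires={2}" -f $x.Subject, $x.Issuer, $x.NotAfter)
            return $x.Verify()
        }
    } else {
        # Request signing and sealing so the bind satisfies a DC that requires LDAP signing.
        $conn.SessionOptions.Signing = $true
        $conn.SessionOptions.Sealing = $true
    }
    try {
        $conn.Bind()
        Write-Host ("OK   port={0} ssl={1} auth={2}" -f $Port, $UseSsl, $AuthType)
        return $true
    } catch {
        Write-Host ("FAIL port={0} ssl={1} auth={2}: {3}" -f $Port, $UseSsl, $AuthType, $_.Exception.Message)
        return $false
    } finally {
        $conn.Dispose()
    }
}

$cred = (Get-Credential -Message 'Test user (user@sharepoint.com)').GetNetworkCredential()
# What port="636" / useSSL="true" in web.config relies on: a simple bind over TLS.
Test-LdapBind -Port 636 -UseSsl $true  -AuthType Basic     -Credential $cred
# Control: a signed, sealed SASL bind on 389 should pass a "require signing" policy.
Test-LdapBind -Port 389 -UseSsl $false -AuthType Negotiate -Credential $cred
```

If the 636 bind fails with a certificate or connection error, the problem is on the DC side (no usable LDAPS certificate or the port not listening) rather than in the provider settings, and no web.config change will fix it.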
1 Reply
- Spencer_Tse (Copper Contributor)
I got the same issue. Does SharePoint 2013 not support secure LDAP? Could any specialist help?