Hi,

since buster, the openssl client is forced to a minimum of TLS 1.2
in /etc/ssl/openssl.cnf

"
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"


This is breaking LDAPS on Active Directory 2012 R2. (commenting out this block in
openssl.cnf fixes the problem)
(AD 2012 R2 already supports TLS 1.2)




Funny, this is working when adding "sslversion => 'tlsv1_2'" to Net::LDAP


/usr/share/perl5/PVE/Auth/AD.pm

# force TLS 1.2 for the Net::LDAP connection (passed through to IO::Socket::SSL)
$ad_args{sslversion} = 'tlsv1_2';
my $ldap = Net::LDAP->new($conn_string, %ad_args) || die "$@\n";



So, could an sslversion option be added to the LDAP auth plugins?
And maybe set it to TLS 1.2 by default?

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

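An added example of what the proposed option could look like, not code from the message above or from PVE's AD.pm: a helper that builds the Net::LDAP connection arguments with a configurable `sslversion` defaulting to `tlsv1_2`, so the client-side protocol matches the system-wide `MinProtocol = TLSv1.2` from openssl.cnf. The config hash, the `build_ad_args` helper, the option names `sslversion`/`cafile`/`secure` and the host `dc1.example.com` are assumptions made for the example; `scheme`, `port`, `sslversion`, `verify` and `cafile` are real Net::LDAP->new options.

```perl
#!/usr/bin/perl
# Added example (not part of the original message or of PVE's AD.pm):
# build Net::LDAP arguments for an AD server with a configurable
# 'sslversion' that defaults to 'tlsv1_2', in line with the system-wide
# MinProtocol = TLSv1.2 set in Debian buster's /etc/ssl/openssl.cnf.
use strict;
use warnings;
use Net::LDAP;

# Hypothetical plugin config; 'secure', 'sslversion' and 'cafile' are
# assumed option names, and the host is a constructed placeholder.
my $config = {
    server     => 'dc1.example.com',
    port       => 636,
    secure     => 1,
    sslversion => undef,   # unset: fall back to the default below
    cafile     => '/etc/ssl/certs/ca-certificates.crt',
};

# TLS versions Net::LDAP accepts for 'sslversion' (handed to IO::Socket::SSL).
my %valid_sslversion = map { $_ => 1 } qw(tlsv1 tlsv1_1 tlsv1_2 tlsv1_3);

sub build_ad_args {
    my ($cfg) = @_;
    my %ad_args = (port => $cfg->{port}, timeout => 10);

    if ($cfg->{secure}) {
        $ad_args{scheme} = 'ldaps';
        # Default to TLS 1.2 so the handshake agrees with the system-wide
        # minimum; an explicit value in the config overrides the default.
        my $ver = $cfg->{sslversion} // 'tlsv1_2';
        die "unsupported sslversion '$ver'\n" unless $valid_sslversion{$ver};
        $ad_args{sslversion} = $ver;
        # Verify the DC's certificate against the configured CA bundle
        # instead of silently accepting any certificate.
        $ad_args{verify} = 'require';
        $ad_args{cafile} = $cfg->{cafile} if $cfg->{cafile};
    }
    else {
        $ad_args{scheme} = 'ldap';
    }
    return %ad_args;
}

my %ad_args = build_ad_args($config);
my $ldap = Net::LDAP->new($config->{server}, %ad_args)
    or die "LDAP connect to $config->{server} failed: $@\n";
print "connected using sslversion=$ad_args{sslversion}\n";
$ldap->unbind;
```

Leaving `sslversion` unset in the config gives the TLS 1.2 default; setting it to `tlsv1_3` (or another value from the accepted list) overrides it for a DC that supports it, and an unknown value is rejected before any connection is attempted.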