[pve-devel] proxmox6 : ldaps to activedirectory2012 not working because of buster ssl settings to min tls 1.2
Alexandre DERUMIER
aderumier at odiso.com
Mon Nov 4 09:35:58 CET 2019
Hi,
Since buster, the openssl client is forced to a minimum of TLS 1.2
in /etc/ssl/openssl.cnf:
"
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"
This is breaking ldaps on Active Directory 2012r2 (commenting out this block in openssl.cnf fixes the problem).
(AD 2012r2 already supports TLS 1.2.)
Funny, this works when adding sslversion => 'tlsv1_2' to Net::LDAP in
/usr/share/perl5/PVE/Auth/AD.pm:
$ad_args{sslversion} = 'tlsv1_2';
my $ldap = Net::LDAP->new($conn_string, %ad_args) || die "$@\n";
So, could an sslversion option be added to the LDAP auth plugins?
And maybe set it to TLS 1.2 by default?
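As an added diagnostic (not part of the post above or of the PVE code), the script below connects over ldaps twice, once with the Net::LDAP default and once with sslversion => 'tlsv1_2', and prints the protocol and cipher actually negotiated, so the behaviour described above can be checked against a given DC while keeping certificate verification on instead of relaxing openssl.cnf. The hostname and CA file path are placeholders.

```perl
#!/usr/bin/perl
# Added example, not code from the original post or from PVE: probe an AD
# domain controller over ldaps and report the negotiated TLS version/cipher.
use strict;
use warnings;
use Net::LDAP;

# Placeholders: the DC to test and the CA bundle that issued its certificate.
my $server = 'dc1.example.internal';
my $cafile = '/etc/ssl/certs/ad-ca.pem';

# Try one connection; returns (success flag, human-readable message).
sub probe {
    my ($sslversion) = @_;
    my %ssl_args = (
        verify  => 'require',   # keep certificate checking on; the point is the version, not trust
        cafile  => $cafile,
        timeout => 10,
    );
    # Only pin the protocol when asked, so the default can be compared.
    $ssl_args{sslversion} = $sslversion if defined $sslversion;

    my $ldap = Net::LDAP->new("ldaps://$server", %ssl_args);
    return (0, "connect failed: $@") unless $ldap;

    # Net::LDAP exposes the underlying IO::Socket::SSL object.
    my $sock   = $ldap->socket;
    my $proto  = $sock->get_sslversion;
    my $cipher = $sock->get_cipher;
    $ldap->unbind;
    return (1, "negotiated $proto with $cipher");
}

for my $v (undef, 'tlsv1_2') {
    my ($ok, $msg) = probe($v);
    printf "sslversion=%-9s %s %s\n", $v // '(default)', $ok ? 'OK  ' : 'FAIL', $msg;
}
```

If the default attempt fails and the pinned one succeeds, the problem is the version negotiation with that DC and not the trust chain, which the 'require' verification would have reported separately.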