ldaps: support TLS 1.3 as SSL version

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-06-11 03:15:06 +00:00 · 2019-11-06 20:23:21 +01:00 · 2019-11-06 20:23:21 +01:00 · 3b7eaef10f
commit 3b7eaef10f
parent 07dd90d731
2 changed files with 4 additions and 4 deletions
--- a/PVE/Auth/AD.pm
+++ b/PVE/Auth/AD.pm
@ -34,9 +34,9 @@ sub properties {

 	},
 	sslversion => {
-	    description => "LDAPS ssl version.",
+	    description => "LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!",
 	    type => 'string',
-	    enum => [qw(tlsv1 tlsv1_1 tlsv1_2)],
+	    enum => [qw(tlsv1 tlsv1_1 tlsv1_2 tlsv1_3)],
 	    optional => 1,
 	},
 	default => {
@ -116,7 +116,7 @@ my $authenticate_user_ad = sub {
    }

    if ($config->{secure}) {
-	$ad_args{sslversion} = $config->{sslversion} ? $config->{sslversion} : 'tlsv1_2';
+	$ad_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
    }

    my $ldap = Net::LDAP->new($conn_string, %ad_args) || die "$@\n";
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@ -111,7 +111,7 @@ my $authenticate_user_ldap = sub {
    }

    if ($config->{secure}) {
-	$ldap_args{sslversion} = $config->{sslversion} ? $config->{sslversion} : 'tlsv1_2';
+	$ldap_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
    }

    my $ldap = Net::LDAP->new($conn_string, %ldap_args) || die "$@\n";