
removed support for tls1.0&tls1.1 for ldap client on UDS, backported from 4.0

Adolfo Gómez García 2023-04-03 14:04:35 +02:00
parent c11ea77f22
commit 9d5e983847
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23


@ -114,6 +114,9 @@ def connection(
if not verify_ssl:
l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # type: ignore
l.set_option(ldap.OPT_X_TLS_NEWCTX, 0) # type: ignore
# Disable TLS1 and TLS1.1
# 0x304 = TLS1.3, 0x303 = TLS1.2, 0x302 = TLS1.1, 0x301 = TLS1.0, but use ldap module constants
l.set_option(ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_X_TLS_PROTOCOL_TLS1_2) # type: ignore
l.simple_bind_s(who=username, cred=password)
except ldap.SERVER_DOWN as e: # type: ignore
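Review bot: The added `OPT_X_TLS_PROTOCOL_MIN` call comes after `l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)`, so the TLS 1.2 floor may never reach the TLS context that `simple_bind_s` ends up using. python-ldap documents that libldap only materializes pending TLS settings when `OPT_X_TLS_NEWCTX` is set, and that it must be the last TLS option set on the connection. I would move `l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # type: ignore` to directly below the `OPT_X_TLS_PROTOCOL_MIN` line. The page has lost its indentation, so if the NEWCTX call sits inside `if not verify_ssl:` it would also have to run on the verified path for the minimum version to apply there. The body of connection() starts and ends outside this hunk, so the surrounding option setup could not be checked.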