ldaps: support TLS 1.3 as SSL version

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/Auth/AD.pm b/PVE/Auth/AD.pm
index a877a7657d7b2ba2a344f77956a344d83bd3a2e1..42eb79d0a386e2127fc5e94ece5c26925b58b494 100755 (executable)
--- a/PVE/Auth/AD.pm
+++ b/PVE/Auth/AD.pm
@@ -34,9 +34,9 @@ sub properties {
 
        },
        sslversion => {
-           description => "LDAPS ssl version.",
+           description => "LDAPS TLS/SSL version. It's not recommended to use version older than 1.2!",
            type => 'string',
-           enum => [qw(tlsv1 tlsv1_1 tlsv1_2)],
+           enum => [qw(tlsv1 tlsv1_1 tlsv1_2 tlsv1_3)],
            optional => 1,
        },
        default => {
@@ -116,7 +116,7 @@ my $authenticate_user_ad = sub {
     }
 
     if ($config->{secure}) {
-       $ad_args{sslversion} = $config->{sslversion} ? $config->{sslversion} : 'tlsv1_2';
+       $ad_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
     }
 
     my $ldap = Net::LDAP->new($conn_string, %ad_args) || die "$@\n";

diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index d6c26eb0f0bf9d5da58dc195e9bbef453ccc6320..a94778e3b12da94ce10d102f186996c0b691ef56 100755 (executable)
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -111,7 +111,7 @@ my $authenticate_user_ldap = sub {
     }
 
     if ($config->{secure}) {
-       $ldap_args{sslversion} = $config->{sslversion} ? $config->{sslversion} : 'tlsv1_2';
+       $ldap_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
     }
 
     my $ldap = Net::LDAP->new($conn_string, %ldap_args) || die "$@\n";