I am attempting to use the ldap3 Python module to authenticate to ldap, but I'm wanting to verify if my connection is using TLS version 1.2.
Relevant code snippet:
tls = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2)
server = Server(server_uri, use_ssl=True, tls=tls, get_info=ALL)
conn = Connection(server, user="domain\\myusername", password="password", authentication=NTLM, auto_referrals=False)
conn.bind()
Output of my Connection object:
Connection(server=Server(
host='domain.host.com',
port=636,
use_ssl=True,
allowed_referral_hosts=[('*', True)],
tls=Tls(validate=<VerifyMode.CERT_REQUIRED: 2>,
version=<_SSLMethod.PROTOCOL_TLSv1_2: 5>),
get_info='ALL', mode='IP_V6_PREFERRED'),
version=3,
authentication='NTLM',
client_strategy='SYNC', ...truncated...)
I'm not sure what the "5" means in the version property, but ultimately I'm trying to validate if I'm authenticating using TLS version 1.2 or not.
The constants come from the ssl stdlib module. You can use the module to print the constant equiv for different SSL versions as follows:
$ python -c "import ssl; print(ssl.PROTOCOL_SSLv3)"
1
$ python -c "import ssl; print(ssl.PROTOCOL_SSLv23)"
2
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1)"
3
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1_1)"
4
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1_2)"
5