Supported SSL/TLS versions #348
Comments
Any updates on this? |
Typically the limitations would be tied to the version of OpenSSL in use and the options provided in |
The version that's installed in my ruby:2.6.5-slim Docker container is The weirdest part is that I can connect to a development ldap server just fine, but it only throws this error against the production AD server. An older version of net-ldap ( And I should mention that I'm using net-ldap through devise_ldap_authenticatable |
Does this problem surface with any other LDAP clients such as |
We can get more info about OpenSSL library in use like so:

```ruby
require 'net/ldap'
OpenSSL::OPENSSL_VERSION
# => "OpenSSL 1.1.1h 22 Sep 2020"
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
# => {
# :min_version => 769,
# :verify_mode => 1,
# :verify_hostname => true,
# :options => 2147614804
# }
OpenSSL::SSL.constants.select { |c| c.to_s.end_with?('_VERSION') }.each_with_object({}) { |c,h| h[c] = OpenSSL::SSL.const_get(c) }
# => {
# :TLS1_VERSION => 769,
# :TLS1_2_VERSION => 771,
# :TLS1_3_VERSION => 772,
# :SSL2_VERSION => 2,
# :TLS1_1_VERSION => 770,
# :SSL3_VERSION => 768
# }
```

We can also try some versions and see what happens

```ruby
require 'net/ldap'
[:TLSv1, :TLSv1_1, :TLSv1_2, :SSLv2, :SSLv23, :SSLv3].each do |ssl_ver|
  ldap = Net::LDAP.new(host: hostname, port: 636,
                       encryption: { method: :simple_tls, tls_options: { ssl_version: ssl_ver } })
  ldap.search_root_dse
  puts "#{ssl_ver}: \t#{ldap.get_operation_result.message}"
rescue StandardError => e
  puts "#{ssl_ver}: \t#{e.class} #{e.message}"
end
```

Here's an example with one directory I tried.
|
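An added example (not from the thread or the net-ldap project): to separate an OpenSSL-level protocol mismatch from anything net-ldap does, handshake with the server directly while `min_version`/`max_version` pin the client to one protocol at a time. `probe_tls_versions` and `start_tls12_only_server` are hypothetical helper names, and the loopback TLS 1.2-only listener is a constructed stand-in for a directory server so the script runs offline.

```ruby
require 'openssl'
require 'socket'

# Versions to probe; TLS1_3_VERSION is absent on builds older than OpenSSL 1.1.1.
PROBE_VERSIONS = %i[TLS1_VERSION TLS1_1_VERSION TLS1_2_VERSION TLS1_3_VERSION]
                 .select { |c| OpenSSL::SSL.const_defined?(c) }

# One handshake per version with the client pinned to exactly that version.
# Certificate checks are off on purpose: only protocol negotiation is tested.
def probe_tls_versions(host, port)
  PROBE_VERSIONS.each_with_object({}) do |name, results|
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
    begin
      ctx.min_version = ctx.max_version = OpenSSL::SSL.const_get(name)
      tcp = TCPSocket.new(host, port)
      ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
      ssl.connect
      results[name] = "ok (#{ssl.ssl_version})"
    rescue StandardError => e
      results[name] = "#{e.class}: #{e.message}"
    ensure
      tcp&.close
    end
  end
end

# Constructed target for the demo: a loopback listener that accepts TLS 1.2
# only, with a throwaway self-signed certificate. Returns the port it bound.
def start_tls12_only_server
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new { loop { server.accept.close rescue nil } }
  tcp.addr[1]
end

if $PROGRAM_NAME == __FILE__
  probe_tls_versions('127.0.0.1', start_tls12_only_server).each { |v, r| puts "#{v}: #{r}" }
end
```

Against a real directory, call `probe_tls_versions` with the server's host name and port 636. Comparing the output from two container images shows whether the difference lies in the local OpenSSL build or its configuration rather than in net-ldap.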
I'm having a similar issue where if I am using this library within docker it seems to blow up with SSL issues, but outside of docker it works fine. It works inside ruby:2.6.3-stretch but not ruby:2.6.3. I am using 0.11 |
FYI |
What are the SSL/TLS versions supported for ldaps:// queries? I'm getting the error
Net::LDAP::Error (SSL_connect returned=1 errno=0 state=error: unsupported protocol)
and I'd like to debug the issue.