
#5073 LDAP userdb : SSL connect attempt failed because of handshake problems

Milestone: 1.870
Status: closed-fixed
Owner: nobody
Labels: None
Priority: 5
Updated: 2018-01-13
Created: 2018-01-08
Private: No

I use LDAP for account management with tls=1 over port 386.
When webmin is started the following error is displayed:
Failed to open users database : Failed to switch to LDAP TLS mode : SSL connect attempt failed because of handshake problems
After debugging the SSL parameters I found that sslversion='TLSv1' is required in start_tls of Net::LDAP.
My LDAP server does not support the default perl setting (sslv23).
By setting the sslversion in miniserv.pl (line 4909) and web-lib-funcs.pl (line 10225), webmin starts.
Changing the SSL version in the webmin configuration did not help.
Is there any other parameter that sets the sslversion in Net::LDAP?

Discussion

  • Jamie Cameron

    Jamie Cameron - 2018-01-10

    Maybe your LDAP server needs to be configured to support the older TLS version?

     
  • Hubert Zweckstetter

    Unfortunately, this is not an option. The LDAP server is not under my control. Could the tls variable in the connect string of userdb be used to define the sslversion? E.g. ...scheme=ldap&tls=1_2 when start_tls(sslversion => 'TLSv1_2') is required.

     
  • Hubert Zweckstetter

    My change in web-lib-funcs.pl (line 10224):

    # Switch to TLS mode
    if ($args->{'tls'} eq "1_1" or $args->{'tls'} eq "1_2") {
        eval { $mesg = $ldap->start_tls(sslversion => "TLSv$args->{'tls'}"); };
    } else {
        # default
        eval { $mesg = $ldap->start_tls(); };
    }
    
     
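The approach discussed in this thread, as an added stand-alone example (not Webmin's code and not the patch posted above): a userdb-style parameter string such as `scheme=ldap&tls=1_2` is parsed, the `tls` value is mapped onto an explicit allow-list of Net::LDAP `sslversion` values, and `start_tls` is called with server certificate verification enabled. The parameter format, the `host`/`port` keys and the CA bundle path are assumptions for illustration; `tls=1` keeps the library's default version negotiation, which is normally the right choice, and a pinned older version is only used when the value explicitly asks for it.

```perl
#!/usr/bin/perl
# Added example, not Webmin's own code. Maps a tls=... parameter from a
# connect string (assumed "key=value&key=value" format) onto the
# Net::LDAP start_tls(sslversion => ...) option.
use strict;
use warnings;
use Net::LDAP;

# Explicit allow-list: any other tls value is rejected rather than passed
# through to the SSL layer. undef means "use the library default".
my %TLS_VERSION = (
    '1'   => undef,       # tls=1: let IO::Socket::SSL negotiate (default)
    '1_1' => 'TLSv1_1',
    '1_2' => 'TLSv1_2',
);

# Assumed CA bundle location; adjust for the local system.
my $CA_FILE = '/etc/ssl/certs/ca-certificates.crt';

# Parse "scheme=ldap&host=ldap.example.com&tls=1_2" into a hash reference.
sub parse_args {
    my ($str) = @_;
    my %args;
    foreach my $pair (split /&/, $str) {
        my ($k, $v) = split /=/, $pair, 2;
        $args{$k} = defined $v ? $v : '';
    }
    return \%args;
}

# Build the option list for start_tls from the parsed tls parameter.
sub start_tls_opts {
    my ($args) = @_;
    my $tls = $args->{'tls'};
    die "Unsupported tls value '$tls'\n" unless exists $TLS_VERSION{$tls};
    # Always verify the server certificate when TLS is requested.
    my @opts = (verify => 'require', cafile => $CA_FILE);
    push @opts, (sslversion => $TLS_VERSION{$tls}) if defined $TLS_VERSION{$tls};
    return @opts;
}

# Open the connection and switch to TLS if tls=... is set and non-zero.
sub connect_ldap {
    my ($connstr) = @_;
    my $args = parse_args($connstr);
    my $ldap = Net::LDAP->new($args->{'host'}, port => $args->{'port'} || 389)
        or die "LDAP connect failed: $@\n";
    if (defined $args->{'tls'} && $args->{'tls'} ne '' && $args->{'tls'} ne '0') {
        my $mesg = $ldap->start_tls(start_tls_opts($args));
        die "Failed to switch to LDAP TLS mode : " . $mesg->error . "\n"
            if $mesg->code;
    }
    return $ldap;
}

# Usage (constructed parameter string):
my $ldap = connect_ldap('scheme=ldap&host=ldap.example.com&port=389&tls=1_2');
print "TLS session established\n";
$ldap->unbind;
```

The allow-list is what keeps the parameter from becoming a free-form pass-through into the SSL layer; if a deployment genuinely needs a legacy version such as TLSv1, it is added to `%TLS_VERSION` deliberately rather than accepted from any string.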
  • Jamie Cameron

    Jamie Cameron - 2018-01-13
    • status: open --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2018-01-13

    Thanks for the patch - I will include it in the next Webmin release.

     
