[Samba] TLS 1.2 Support Samba-AD
Sérgio Basto
sergio at serjux.com
Wed May 29 00:57:01 UTC 2019
On Wed, 2019-05-29 at 05:48 +0530, Anantha Raghava via samba wrote:
> Hi,
>
> Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give
> more
> details on its configuration?
Seems that is enabled by default (tested with samba-4.9.x ) [1]
openssl s_client -showcerts -connect mydc1.etc.com:636 [2]
[1]
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
[2]
(...)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
C45186405F3B55B472DFD075A27C1BA68A90D4BD4C72EE94BD7BD6F8F58E6283
Session-ID-ctx:
Master-Key:
40E62E425FF8AE4A491001576A97F7FB3EB54A326FD5D3BF0BDB392DE6FA137C60A98C1
FC8A02B12103C64594DFE9785
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1559091178
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
closed
> Regards,
> Ananth
--
Sérgio M. B.
More information about the samba
mailing list