Unable to establish a SLDAP connection using Python 3.10.x

Using the following code, it is possible to set up a connection object in Python 3.8.x using the ldap3 module.

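import ssl
from ldap3 import Server, Connection, Tls, ALL, NTLM

# validate=ssl.CERT_NONE turns off verification of the server certificate
tls = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2)
server = Server(server_uri, use_ssl=True, tls=tls, get_info=ALL)
conn = Connection(server, user="domain\\myusername", password="password", authentication=NTLM, auto_referrals=False)
conn.bind()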

But starting with Python 3.10, this code is not working anymore - when executed, it leads to an SSL handshake error. I believe this is because of a change in the OpenSSL library used in the current Python 3.10.x packages.

Did anybody else run into this issue and hopefully find a solution?

Upvotes: 1

Views: 2289

Answers (1)

Meanwhile, I found the solution on my own - but I am not sure if this is a bug or a feature of OpenSSL 1.1.1?

Getting some debug information from the server side, I found the issue was coming up because of "no common cypher" between client and server.

After adding a cipher available on the server side to the Tls object in my code, the connection could be established.

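import ssl
import ldap3
from ldap3 import Tls

# server, user and pwd hold the LDAP host name and the bind credentials
ciphers = 'AES256-GCM-SHA384'
# Establish LDAP connection and initialize connection (conn) object
# validate=ssl.CERT_NONE turns off verification of the server certificate
tls = Tls(ciphers=ciphers, validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLS)
#context = ssl.context(set_cipher_list=AES256-GCM-SHA384)
serverURL = ldap3.Server(host=server, port=636, use_ssl=True, tls=tls)
conn = ldap3.Connection(serverURL, user, pwd)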

I am still confused why the connection could be established before openSSL without the ciphers parameter, and now it is needed - by the way, ciphers='ALL' is working as well, so I believe the defaults might have been changed in OpenSSL 1.1.1.

Kind regards

Thorsten

Upvotes: 5
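
A diagnostic for the cipher mismatch described in the answer above, added here as an example (it is not part of the original post and not ldap3's own code). It uses only the standard ssl module to show which of a server's suites the local interpreter offers by default, and builds a narrow ciphers value as an alternative to 'ALL'. Python 3.10 removed suites without forward secrecy, such as AES256-GCM-SHA384, from the ssl module's default list. The function names and the sample suite list are constructed for illustration.

```python
import ssl

def enabled_ciphers(cipher_string=None):
    """Names of the suites this interpreter's OpenSSL offers as a TLS client.
    cipher_string=None keeps the interpreter's built-in default list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cipher_string is not None:
        ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"] for c in ctx.get_ciphers()}

def has_forward_secrecy(name):
    """TLS 1.3 suites (TLS_*) and ECDHE-/DHE- suites use ephemeral key exchange;
    a bare name such as AES256-GCM-SHA384 means static RSA key exchange."""
    return name.startswith(("TLS_", "ECDHE-", "DHE-"))

def diagnose(server_ciphers):
    """Sort the server's suites by whether this client offers them by default,
    only when named explicitly, or not at all."""
    defaults = enabled_ciphers()
    report = {"offered_by_default": [], "needs_explicit_ciphers": [], "unsupported": []}
    for name in server_ciphers:
        if name in defaults:
            bucket = "offered_by_default"
        else:
            try:
                known = name in enabled_ciphers(name)
            except ssl.SSLError:
                known = False
            bucket = "needs_explicit_ciphers" if known else "unsupported"
        report[bucket].append(name)
    return report

def narrow_cipher_string(server_ciphers):
    """Smallest ciphers= value that still overlaps with the server:
    forward-secret suites first, nothing the server did not list."""
    report = diagnose(server_ciphers)
    usable = report["offered_by_default"] + report["needs_explicit_ciphers"]
    usable.sort(key=lambda n: not has_forward_secrecy(n))  # stable sort
    return ":".join(usable)

if __name__ == "__main__":
    # Constructed sample: suites a server might report (not taken from the post).
    sample = ["AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "NOT-A-REAL-SUITE"]
    print(ssl.OPENSSL_VERSION)
    print(diagnose(sample))
    print("ciphers =", narrow_cipher_string(sample))
    print("enabled by 'ALL':", len(enabled_ciphers("ALL")), "default:", len(enabled_ciphers()))
```

The string returned by narrow_cipher_string can be passed as the ciphers argument of Tls(...); unlike 'ALL', it enables only suites the server actually listed.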
