Is TLSv1.3 required on PBS 3.1 for LDAP authentication?

f4242

Renowned Member
Dec 19, 2016
104
5
83
Quebec, QC
Hello,

I upgraded my first PBS server to 3.1 today. LDAP authentication is failing with that error :

Feb 6 15:35:40 backup-pbs backup-pbs proxmox-backup-api[762]: authentication failure; rhost=[::ffff:10.x.x.x]:44696 user=myuser@ldap msg=native TLS error: error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../ssl/statem/extensions.c:893:

The LDAP backend is Samba on Ubuntu 16.04 ESM (yeah, I know, it needs upgrade!). Samba is logging: "A TLS fatal alert has been received".

I wonder if PBS 3.x now requires TLSv1.3. Is there a way to configure it to allow the use of TLSv1.2 until we upgrade our DCs? I looked inside /etc/proxmox-backup-server but didn't find anything.

Thanks.