How to change my ssl ciphers in ldaps request?


Dears~, My environment is: OS: Ubuntu 12.04.4 LTS, Python: Python 2.7.3. When I use ldap to connect to an AD server over SSL, I get this error: "A TLS packet with unexpected length was received". I captured the packets with tcpdump and found that the hello failed.

Hello details

But when I use a perl script in the same environment it is OK, and the python script running on Ubuntu 16 also connects successfully (only python on Ubuntu 12 does not work). When it connects successfully, the hello request carries more ciphers than on Ubuntu 12. It runs well on Ubuntu 16. When it fails, an error can be found in the AD server's log.

My test script is:

import ldap

TIMEOUT = 30
DEBUG_LEVEL = 8191   # libldap debug bitmask: everything
TRACE_LEVEL = 10     # python-ldap call tracing
AD_HOST = "10.29.137.100"
USERNAME = "username"
PASSWORD = "password"

# Global (library-wide) options, set before any connection exists.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
ldap.set_option(ldap.OPT_DEBUG_LEVEL, DEBUG_LEVEL)

ldapConn = ldap.initialize("ldaps://" + AD_HOST + ":636",
                           trace_level=TRACE_LEVEL)
ldapConn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
# Per-connection TLS option: OpenSSL cipher string
ldapConn.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, 'TLSv1:!NULL')
ldapConn.set_option(ldap.OPT_REFERRALS, 0)

ldapConn.set_option(ldap.OPT_NETWORK_TIMEOUT, TIMEOUT)
ldapConn.set_option(ldap.OPT_TIMEOUT, TIMEOUT)
ldapConn.simple_bind_s(USERNAME, PASSWORD)

My question is: how do I change the ciphers in a python script? I found that ldapConn.set_option(ldap.OPT_X_TLS_CIPHER_SUITE,'TLSv1:!NULL') does not work for me, and now I have no idea where to set these cipher values, or which third-party dependency I can upgrade to support more ciphers.

Thanks~~~


There are 2 answers

ZF007 (score 7)

You've just hit the python 2/3 wall.

Your script is Python 3 that you are trying to run in a Python 2.7 environment, which is not backward compatible. The only option is to install Python 3 on Ubuntu 12 and run it there with python3.X.

An example is shown here.

u890106 (score 0)

Like me today, you're probably in the situation explained here: https://github.com/python-ldap/python-ldap/issues/55 (and here https://github.com/pyldap/pyldap/issues/53):

Several, perhaps all, set_option(OPT_X_TLS_*, ...) calls require a final set_option(ldap.OPT_X_TLS_NEWCTX, 0) call to submit all previous set_option() calls. Without OPT_X_TLS_NEWCTX, the settings are effectively ignored.

=> You can either add ldap.set_option(ldap.OPT_X_TLS_CIPHER_SUITE,'TLSv1:!NULL') before the initialize call, or add ldapConn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) before the bind.
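The following is an added example, written by the editor and not part of the question or either answer, that puts the two points of this thread into working code: first, expand an OpenSSL cipher string on the local machine to see exactly which suites the ClientHello will offer (what the questioner's tcpdump capture showed); second, set the python-ldap TLS options in the order python-ldap requires, every OPT_X_TLS_* option first and OPT_X_TLS_NEWCTX last. It assumes Python 3.6+ for the `ssl` checks and python-ldap (module `ldap`) for `connect_ldaps()`; the server-side cipher list is constructed for the illustration, not captured from a real AD server. Unlike the question's script it demands a valid server certificate (OPT_X_TLS_DEMAND plus a CA file) instead of OPT_X_TLS_ALLOW, which silently accepts any certificate.

```python
"""Cipher-string check plus correctly ordered python-ldap TLS options.

Added example, not code from the original post. Assumes Python 3.6+;
python-ldap is optional so the cipher checks run without it.
"""
import ssl

try:
    import ldap  # python-ldap
except ImportError:
    ldap = None


def offered_ciphers(cipher_string):
    """Return the TLS 1.0-1.2 suite names that `cipher_string` expands to in
    the local OpenSSL build, i.e. what a client using it will offer.

    Raises ssl.SSLError when the string selects no cipher at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if nothing matches
    # get_ciphers() also lists the fixed TLS 1.3 suites, which set_ciphers()
    # does not control; drop them so the result reflects the string itself.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def cipher_string_is_usable(cipher_string):
    """True if the string selects at least one suite on this machine."""
    try:
        return bool(offered_ciphers(cipher_string))
    except ssl.SSLError:
        return False


def shared_ciphers(cipher_string, server_ciphers):
    """Suites both sides support, in the client's preference order.
    An empty list means the handshake cannot succeed, whatever the
    server logs say."""
    wanted = set(server_ciphers)
    return [name for name in offered_ciphers(cipher_string) if name in wanted]


# Constructed stand-in for a hardened AD server's accepted suite list.
EXAMPLE_SERVER_CIPHERS = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES256-GCM-SHA384",
]


def connect_ldaps(host, username, password, cafile, cipher_string, port=636):
    """Bind over LDAPS with python-ldap, applying the cipher string so that
    it actually takes effect.

    All OPT_X_TLS_* options are set first; OPT_X_TLS_NEWCTX comes last and
    builds the TLS context from them. Certificate verification is demanded
    against `cafile` rather than disabled.
    """
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    conn = ldap.initialize("ldaps://%s:%d" % (host, port))
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    # TLS block: every OPT_X_TLS_* call before OPT_X_TLS_NEWCTX.
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cafile)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, cipher_string)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # last: creates the context
    conn.simple_bind_s(username, password)
    return conn


if __name__ == "__main__":
    spec = "ECDHE+AESGCM:!aNULL:!NULL"
    print("offered:", offered_ciphers(spec))
    print("shared with example server:",
          shared_ciphers(spec, EXAMPLE_SERVER_CIPHERS))
```

Run `offered_ciphers()` on the exact string you hand to OPT_X_TLS_CIPHER_SUITE before testing against the directory: the `TLSv1` keyword in an OpenSSL cipher string selects only the TLS 1.0-era suites (CBC with SHA-1), so `'TLSv1:!NULL'` never offers an AES-GCM or SHA-2 suite, and a server that requires those will abort the handshake no matter how the option is applied.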