SSL/TLS error with create_computer module
Closed this issue · 3 comments
Using create_computer module I get this error:
Can't create computer, TLS needed: wrap socket error: [Errno 104] Connection reset by peer
TLS needed: wrap socket error: [Errno 104] Connection reset by peer error seems to come from ldap3. Most possibly because the SSL/TLS version is too old and have been disabled in newer openssl version.
➜ openssl --version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
nmap scripts shows me the server accept old SSL v2
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC4_128_WITH_MD5
|_ SSL2_DES_192_EDE3_CBC_WITH_MD5
It seems the solution is to provide a custom openssl configuration https://takraw-s.medium.com/fix-errors-socket-ssl-wrapping-error-errno-104-connection-reset-by-peer-9c63c551cd7.
What I don't understand, is that I was successfully able to use other modules without TLS errors. So there is maybe somethign else.
That is a very unique situation, and we can't really have a package that interacts with people system configuration. I could envision a solution where we embed a custom TLS implementation that supports SSL2 but that will likely impact performance there might be side effects. Unless you are willing to step into that and offer a generous PR, I will close the issue :)
Have you an idea why other commands were working and just this one complained about TLS issues? I mean, it was always the same LDAP server.
My wild guess is that the commands you used worked just fine using LDAP, but certain LDAP queries have to be done over TLS.
I suppose the commands that worked did work because TLS wasn't required. And suddenly one command requires TLS and thus cause the program to crash due to the incompatibilities in the TLS stack.