How to tell Python's ldap3 module to TLS version 1.2 explicitly?

Question

I am attempting to use the ldap3 Python module to authenticate to ldap, but I'm wanting to verify if my connection is using TLS version 1.2.

Relevant code snippet:

tls = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2)
server = Server(server_uri, use_ssl=True, tls=tls, get_info=ALL)
conn = Connection(server, user="domain\\myusername", password="password", authentication=NTLM, auto_referrals=False)
conn.bind()

Output of my Connection object:

Connection(server=Server(
host='domain.host.com', 
port=636, 
use_ssl=True, 
allowed_referral_hosts=[('*', True)], 
tls=Tls(validate=<VerifyMode.CERT_REQUIRED: 2>, 
version=<_SSLMethod.PROTOCOL_TLSv1_2: 5>), 
get_info='ALL', mode='IP_V6_PREFERRED'), 
version=3, 
authentication='NTLM', 
client_strategy='SYNC', ...truncated...)

I'm not sure what the "5" means in the version property, but ultimately I'm trying to validate if I'm authenticating using TLS version 1.2 or not.

Answer 1

The constants come from the ssl stdlib module. You can use the module to print the constant equiv for different SSL versions as follows:

$ python -c "import ssl; print(ssl.PROTOCOL_SSLv3)"
1
$ python -c "import ssl; print(ssl.PROTOCOL_SSLv23)"
2
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1)"
3
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1_1)"     
4
$ python -c "import ssl; print(ssl.PROTOCOL_TLSv1_2)"
5