Background: Currently, when connecting to a ldap backend, ssl.PROTOCOL_TLSv1 [2] is offered as only option to the backend.
This leads to following issues:
- LDAP Backends that do not support TLSv1.0 (because of security reasons [3]) cannot be used in ERPNext
- erpnext can ONLY connect to LDAP Backends offering the insecure [3] TLSv1.0 protocol (see ldap_settings.py ln: 61, 63)
With this change to ssl.PROTOCOL_TLS_CLIENT we allow erpnext customers to configure LDAP Backends that also support more modern/secure (TLSv1.2 and up) transport
while still ensure backwards compatibility and allowing TLSv1.0,
since ssl.PROTOCOL_TLS "Auto-negotiates the highest protocol version that both the client and server support" [1]
[1]: https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS_CLIENT
[2]: https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLSv1
[3]: https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-02.html
c99e576e1b