Hi All, Alan here again, this time trying to give some details on these two settings that are creating quite some confusion.
ATTENTION: before you continue reading I must emphasize that the MAR...
So I've been subscribed to this thread for a while now and I noticed that STARTTLS has become more of a hot topic. When I was doing my research into our Mac issues, I was doing a lot of Wireshark captures trying to figure out what was going on. Macs apparently use STARTTLS for their SSL implementation to AD (via port 389), as indicated in the capture (see below). I verified that they keep working even with LDAP Signing set to 'Required', so while I can't say for certain, I'm pretty sure that STARTTLS will keep working fine even after the updates. My take on this whole thing is that only unsigned/non-encrypted authentication attempts will fail. Any initial connections prior to authentication will still work (though you won't be able to do much, obviously) until the client tries to actually do the bind. If it doesn't either properly sign/encrypt or bring up a TLS channel with STARTTLS prior to authentication, it will fail. Connections over LDAPS (636) are encrypted from the start, similar to HTTPS, and are not an issue either.
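To make the distinction in the post above concrete, here is an added example (not code from the thread or from any vendor) that decodes the relevant LDAP operations from raw BER the way a Wireshark dissector would, and then walks one client session to report which binds are cleartext and which are protected by a prior StartTLS request or by LDAPS on 636. All message bytes are constructed inline with a tiny encoder; the DN, password and SASL mechanism values are made-up sample data, and the "tls"/"cleartext" verdict is the simplification the post describes (a SASL bind is reported as cleartext at the transport level; whether the mechanism itself negotiates signing is out of scope here).

```python
"""Classify LDAP client messages to audit for unsigned / cleartext binds,
the ones that stop working once LDAP signing is set to Required.
Added example; all sample bytes are constructed, not captured traffic."""

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation


def ber_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def ber_seq(buf):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = ber_tlv(buf, pos)
        yield tag, val


def classify_ldap_message(msg):
    """Return 'simple-bind', 'sasl-bind:<mech>', 'starttls' or 'other'."""
    tag, body, _ = ber_tlv(msg)
    assert tag == 0x30, "LDAPMessage must be a SEQUENCE"
    elems = list(ber_seq(body))
    op_tag, op_val = elems[1]  # elems[0] is the messageID INTEGER
    if op_tag == 0x60:  # [APPLICATION 0] BindRequest
        _version, _name, auth = list(ber_seq(op_val))[:3]
        if auth[0] == 0x80:  # [0] simple: password travels in the clear
            return "simple-bind"
        if auth[0] == 0xA3:  # [3] sasl: SEQUENCE { mechanism, credentials }
            mech = next(ber_seq(auth[1]))[1]
            return "sasl-bind:" + mech.decode()
    if op_tag == 0x77:  # [APPLICATION 23] ExtendedRequest
        for t, v in ber_seq(op_val):
            if t == 0x80 and v == STARTTLS_OID:  # [0] requestName
                return "starttls"
    return "other"


def audit_session(messages, port=389):
    """Walk one client's messages in order; report each bind as
    'tls' (after StartTLS, or on LDAPS 636) or 'cleartext'."""
    tls = port == 636  # LDAPS is encrypted from the first byte
    report = []
    for msg in messages:
        kind = classify_ldap_message(msg)
        if kind == "starttls":
            tls = True  # everything after this is inside the TLS channel
        elif kind.startswith(("simple-bind", "sasl-bind")):
            report.append((kind, "tls" if tls else "cleartext"))
    return report


# --- minimal BER encoder used only to build constructed sample messages ---
def tlv(tag, value):
    assert len(value) < 128, "short-form length only in this encoder"
    return bytes([tag, len(value)]) + value


def ldap_message(msg_id, op):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)


def simple_bind(dn, password):
    return ldap_message(1, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)))


def sasl_bind(mechanism, credentials):
    auth = tlv(0xA3, tlv(0x04, mechanism) + tlv(0x04, credentials))
    return ldap_message(2, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + auth))


def starttls_request():
    return ldap_message(3, tlv(0x77, tlv(0x80, STARTTLS_OID)))


if __name__ == "__main__":
    # Constructed sample sessions: sample DN / password, not real credentials.
    dn, pw = b"cn=svc,dc=corp,dc=example", b"Passw0rd!"
    print("389, no StartTLS:", audit_session([simple_bind(dn, pw)]))
    print("389, StartTLS first:", audit_session([starttls_request(), simple_bind(dn, pw)]))
    print("389, SASL bind:", audit_session([sasl_bind(b"GSS-SPNEGO", b"NTLMSSP\x00")]))
    print("636 (LDAPS):", audit_session([simple_bind(dn, pw)], port=636))
```

Run as a script to see the four verdicts; the first session (a simple bind on 389 with no StartTLS) is the case the post says will start failing, the other three are the patterns that keep working.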