Hi! We have a MAG-4610 (8.2R6). When I set the setting on "auth servers" to use LDAP STARTTLS, it just says "LDAP Server is unreachable", but if I use Unencrypted it works. So I installed Wireshark on our domain controller/LDAP server, and when the "Client Hello" comes it uses the SSLv2 protocol, so I guess that's why it says "server unreachable", since we are only allowing TLS 1.2.
I can see that the handshake comes to our AD server and it is indeed an SSLv2 initial handshake as you mention, and then it tries to init TLS 1.2, but that's where it fails. Our AD server sends a RST and I guess it's because the initial handshake is SSLv2?
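
An added example, not part of the original posts: a small classifier for the first bytes of a captured Client Hello, which separates the record framing (SSLv2-style header versus TLS record) from the protocol version the hello offers, since an SSLv2-framed hello carries its own version field. The function name and both byte strings are constructed for illustration; paste in the bytes exported from your own capture.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Report framing and offered version of a Client Hello (hypothetical helper)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the hello")
    # SSLv2 framing: 2-byte length header with the high bit set,
    # then message type 1 (CLIENT-HELLO), then a 2-byte version field.
    if data[0] & 0x80 and data[2] == 0x01:
        (version,) = struct.unpack("!H", data[3:5])
        framing = "SSLv2-compatible"
    # TLS framing: content type 22 (handshake), 2-byte record version,
    # 2-byte length, handshake type 1, 3-byte length, 2-byte client_version.
    elif data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("TLS handshake record, but not a complete ClientHello header")
        (version,) = struct.unpack("!H", data[9:11])
        framing = "TLS record"
    else:
        raise ValueError("not a recognisable Client Hello")
    return {"framing": framing,
            "offered": VERSIONS.get(version, hex(version))}

# Constructed sample: SSLv2-framed hello (31-byte body) offering version 0x0303,
# two 3-byte cipher specs, no session id, 16-byte challenge.
SSLV2_FRAMED = (bytes.fromhex("801f" "01" "0303" "0006" "0000" "0010")
                + bytes.fromhex("00002f" "000035") + bytes(16))

# Constructed sample: first 11 bytes of a TLS-record ClientHello offering 0x0303.
TLS_FRAMED = bytes.fromhex("16" "0301" "002d" "01" "000029" "0303")

if __name__ == "__main__":
    for name, sample in (("sslv2-framed", SSLV2_FRAMED), ("tls-framed", TLS_FRAMED)):
        print(name, classify_client_hello(sample))
```

If the framing is reported as SSLv2-compatible, the server side has to accept that framing before the offered version is even considered, so the two values are worth checking separately.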