[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: RE: POODLE SSLv3 downgrade attack

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>, "Michael Ströder" <michael@stroeder.com>
Subject: Re: Antw: RE: POODLE SSLv3 downgrade attack
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Mon, 20 Oct 2014 09:19:49 +0200
Content-disposition: inline
In-reply-to: <5444B01F.2050701@stroeder.com>
References: <5440D5F1.8050503@symas.com> <BLU170-W8303CBEF13F0FA435A5765A5960@phx.gbl> <5444C914020000A100017710@gwsmtp1.uni-regensburg.de> <5444B01F.2050701@stroeder.com>

>>> Michael Ströder <michael@stroeder.com> schrieb am 20.10.2014 um 08:47 in
Nachricht <5444B01F.2050701@stroeder.com>:
> Ulrich Windl wrote:
>> Related question: If a slapcat of the config database doesn't show a value
>> for TLSCipherSuite, does it mean it is some default value?
> 
> 
> I'm pretty sure the default depends on the TLS lib used and how it was
built
> for a certain OS.

Does it mean openLDAP has no idea about the default, unless you explicitly set
it?

> 
> => always set TLSCipherSuite explicitly
> 
> To find out which protocols/ciphers can be used with a current installation
> use sslscan.
> 
> Ciao, Michael.

Follow-Ups:
- Re: POODLE SSLv3 downgrade attack
  - From: Michael Ströder <michael@stroeder.com>

References:
- POODLE SSLv3 downgrade attack
  - From: Howard Chu <hyc@symas.com>
- RE: POODLE SSLv3 downgrade attack
  - From: Joe Friedeggs <friedeggs44@hotmail.com>
- Antw: RE: POODLE SSLv3 downgrade attack
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: RE: POODLE SSLv3 downgrade attack
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Antw: RE: POODLE SSLv3 downgrade attack
Next by Date: Re: POODLE SSLv3 downgrade attack
Index(es):
- Chronological
- Thread