[Date Prev][Date Next]
Re: disable TLS compression with openssl?
On Sun, Dec 06, 2015 at 07:27:31PM -0800, Paul B. Henson wrote:
> We're currently running through all of our SSL/TLS using apps to disable
> SSLv3 and update the accepted ciphers list, as well as other current
> best practices. I don't see any way to disable SSL compression in
> openldap? Does SSL compression with ldap traffic not lead to the same
> issue as it does in web traffic?
Looking at client/server exchanges with ssldump, I can see that
compression is not enabled:
1 1 0^@0046 (0^@0046) C>S Handshake
> Also, are there any plans to support ECDHE ciphers in openldap?
It is in the trunk version. I made a patch to backport it to 2.4.40: