[Date Prev][Date Next]
Re: disable TLS compression with openssl?
Am Sun, 06 Dec 2015 19:27:31 -0800
schrieb "Paul B. Henson" <email@example.com>:
> We're currently running through all of our SSL/TLS using apps to
> disable SSLv3 and update the accepted ciphers list, as well as other
> current best practices. I don't see any way to disable SSL
> compression in openldap? Does SSL compression with ldap traffic not
> lead to the same issue as it does in web traffic?
You probabely should read
> Also, are there any plans to support ECDHE ciphers in openldap? I see
> there's an ITS ticket about it, it's rather old and the last update
> questioned whether those ciphers should be avoided due to potential
> NSA meddling in their design.
At LDAPcon 2015 it was announced to be included in OpenLDAP-2.5
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B