[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: disable TLS compression with openssl?

Am Sun, 06 Dec 2015 19:27:31 -0800
schrieb "Paul B. Henson" <henson@acm.org>:

> We're currently running through all of our SSL/TLS using apps to
> disable SSLv3 and update the accepted ciphers list, as well as other
> current best practices. I don't see any way to disable SSL
> compression in openldap? Does SSL compression with ldap traffic not
> lead to the same issue as it does in web traffic?

You probabely should read

> Also, are there any plans to support ECDHE ciphers in openldap? I see
> there's an ITS ticket about it, it's rather old and the last update
> questioned whether those ciphers should be avoided due to potential
> NSA meddling in their design.

At LDAPcon 2015 it was announced to be included in OpenLDAP-2.5


Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B