[Date Prev][Date Next]
disable TLS compression with openssl?
- To: firstname.lastname@example.org
- Subject: disable TLS compression with openssl?
- From: "Paul B. Henson" <email@example.com>
- Date: Sun, 06 Dec 2015 19:27:31 -0800
- Content-disposition: inline
- User-agent: Mutt/1.5.23 (2014-03-12)
We're currently running through all of our SSL/TLS using apps to disable
SSLv3 and update the accepted ciphers list, as well as other current
best practices. I don't see any way to disable SSL compression in
openldap? Does SSL compression with ldap traffic not lead to the same
issue as it does in web traffic?
Also, are there any plans to support ECDHE ciphers in openldap? I see
there's an ITS ticket about it, it's rather old and the last update
questioned whether those ciphers should be avoided due to potential NSA
meddling in their design.