[Date Prev][Date Next] [Chronological] [Thread] [Top]

disable TLS compression with openssl?

To: openldap-technical@openldap.org
Subject: disable TLS compression with openssl?
From: "Paul B. Henson" <henson@acm.org>
Date: Sun, 06 Dec 2015 19:27:31 -0800
Content-disposition: inline
User-agent: Mutt/1.5.23 (2014-03-12)

We're currently running through all of our SSL/TLS using apps to disable
SSLv3 and update the accepted ciphers list, as well as other current
best practices. I don't see any way to disable SSL compression in
openldap? Does SSL compression with ldap traffic not lead to the same
issue as it does in web traffic?

Also, are there any plans to support ECDHE ciphers in openldap? I see
there's an ITS ticket about it, it's rather old and the last update
questioned whether those ciphers should be avoided due to potential NSA
meddling in their design.

Thanks...

Follow-Ups:
- Re: disable TLS compression with openssl?
  - From: Emmanuel Dreyfus <manu@netbsd.org>
- Re: disable TLS compression with openssl?
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Re: Samba auth on replicated LDAP: no admin user
Next by Date: Re: Samba auth on replicated LDAP: no admin user
Index(es):
- Chronological
- Thread