[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS renotiation

To: openldap-software@OpenLDAP.org
Subject: Re: TLS renotiation
From: Kurt Zeilenga <Kurt@OpenLDAP.org>
Date: Wed, 11 Nov 2009 06:06:48 -0800
In-reply-to: <4AF9FE5F.1020804@nextury.com>
References: <87ws21o1yc.fsf@rubin.avci.de> <4AF69793.4040502@symas.com> <78ECD685-4A3F-4A31-BBD8-23F36D8E9924@sun.com> <4AF9C629.1010502@symas.com> <4AF9FE5F.1020804@nextury.com>

I've now posted my preliminary report on the general impact of TLSrenegotiation on LDAP to the ldapext@ietf.org list, for initialdiscussion there. A final report will be made available later, likelyposted to ldap@umich.edu.


This message is available in our local archive of this list: http://www.openldap.org/lists/ietf-ldapext/200911/msg00000.html

Howard has already made a brief statement here regarding impact uponOpenLDAP Software on this list. In short summary, only the "milderissue" applies to OpenLDAP Software (and seems to a very minorconcern). Clients can mitigate this issue as discussed in thereport. Servers can mitigate this issue by disabling TLSrenegotiations within their TLS library. Disabling TLS renegotiationsin the server has side effects which might not be desirable in certaindeployments.


-- Kurt

Follow-Ups:
- Re: TLS renotiation
  - From: Howard Chu <hyc@symas.com>

References:
- TLS renotiation
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: TLS renotiation
  - From: Howard Chu <hyc@symas.com>
- Re: TLS renotiation
  - From: Ludovic Poitou <Ludovic.Poitou@Sun.COM>
- Re: TLS renotiation
  - From: Howard Chu <hyc@symas.com>
- Re: TLS renotiation
  - From: Emmanuel Lecharny <elecharny@apache.org>

Prev by Date: Re: Anonymous Syncrepl?
Next by Date: Re: Troubleshooting synchronization
Index(es):
- Chronological
- Thread