
Re: TLS renegotiation



I've now posted my preliminary report on the general impact of TLS renegotiation on LDAP to the ldapext@ietf.org list, for initial discussion there. A final report will be made available later, likely posted to ldap@umich.edu.

This message is available in our local archive of this list: http://www.openldap.org/lists/ietf-ldapext/200911/msg00000.html

Howard has already made a brief statement here regarding impact upon OpenLDAP Software on this list. In short summary, only the "milder issue" applies to OpenLDAP Software (and seems to be a very minor concern). Clients can mitigate this issue as discussed in the report. Servers can mitigate this issue by disabling TLS renegotiations within their TLS library. Disabling TLS renegotiations in the server has side effects which might not be desirable in certain deployments.

-- Kurt