Re: disable TLS compression with openssl?
On Sun, 06 Dec 2015 19:27:31 -0800,
"Paul B. Henson" <henson@acm.org> wrote:
> We're currently running through all of our SSL/TLS using apps to
> disable SSLv3 and update the accepted ciphers list, as well as other
> current best practices. I don't see any way to disable SSL
> compression in openldap? Does SSL compression with ldap traffic not
> lead to the same issue as it does in web traffic?
You probably should read
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.htm
> Also, are there any plans to support ECDHE ciphers in openldap? I see
> there's an ITS ticket about it, it's rather old and the last update
> questioned whether those ciphers should be avoided due to potential
> NSA meddling in their design.
At LDAPcon 2015 it was announced to be included in OpenLDAP-2.5
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E