RE: disable TLS compression with openssl?
> From: Howard Chu
> Sent: Monday, December 07, 2015 6:26 AM
>
> OpenLDAP does not enable compression so there is nothing to disable.
Hmm, that's not what I am seeing. Using the latest sslscan:
-----------------------
$ sslscan ldap.cpp.edu:636
Version: 1.10.6
OpenSSL 1.0.1p 9 Jul 2015
Testing SSL server ldap.cpp.edu on port 636
TLS renegotiation:
Secure session renegotiation supported
TLS Compression:
Compression enabled (CRIME)
[...]
---------------------
shows that compression is enabled. As does Wireshark when sniffing the
packets over the wire. This is with openssl, perhaps gnutls behaves
differently?
> The CRIME attack does not work against LDAP or other stateful protocols
> where credentials are only sent once.
Great, thanks much for clarifying that for me.