On Sun, 06 Dec 2015 19:27:31 -0800, "Paul B. Henson" <[email protected]> wrote:
> We're currently running through all of our SSL/TLS using apps to
> disable SSLv3 and update the accepted ciphers list, as well as other
> current best practices. I don't see any way to disable SSL
> compression in openldap? Does SSL compression with ldap traffic not
> lead to the same issue as it does in web traffic?

You probably should read
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.htm

> Also, are there any plans to support ECDHE ciphers in openldap? I see
> there's an ITS ticket about it, it's rather old and the last update
> questioned whether those ciphers should be avoided due to potential
> NSA meddling in their design.

At LDAPcon 2015 it was announced to be included in OpenLDAP-2.5

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
