I've now posted my preliminary report on the general impact of TLS renegotiation on LDAP to the [email protected] list, for initial discussion there. A final report will be made available later, likely posted to [email protected].

This message is available in our local archive of this list: 
http://www.openldap.org/lists/ietf-ldapext/200911/msg00000.html

Howard has already made a brief statement here regarding impact upon OpenLDAP Software on this list. In short summary, only the "milder issue" applies to OpenLDAP Software (and seems to be a very minor concern). Clients can mitigate this issue as discussed in the report. Servers can mitigate this issue by disabling TLS renegotiations within their TLS library. Disabling TLS renegotiations in the server has side effects which might not be desirable in certain deployments.

-- Kurt
