Details
Improvement
Resolution: Fixed
Major
7.6.0, 7.1.0, 7.2.0
0
Description
When we connect to some LDAP servers, middlebox compatibility can create issues in at least Erlang 24 and Erlang 25.
In Erlang 24: the Erlang TLS client is not reacting to HelloRetryReq messages.
In Erlang 25: Erlang TLS responds with HelloClient to HelloRetryReq, but fails later because decryption fails.
The Erlang team doesn't consider it a bug, but may plan to implement a "relaxed" compat mode in the future (https://github.com/erlang/otp/issues/7199).
Anyway, in both cases (both Erlang versions) the problem can be worked around by disabling middlebox compatibility. Since we are not sure that disabling middlebox compat by default will not break other scenarios, I think we should make it an LDAP option, which users can change in case they hit this compatibility issue.
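
One way to check whether a particular LDAPS endpoint is affected, as an added example that is not part of the original ticket or of the product's code: it attempts a TLS 1.3 handshake twice with Erlang's `ssl` application, once with the `middlebox_comp_mode` option set to `true` (the OTP default) and once with `false`, keeping certificate verification on in both runs. The module name, function names, timeout and CA file argument are assumptions made for the example.

```erlang
%% Added example: probe an LDAPS endpoint with and without TLS 1.3
%% middlebox compatibility mode. Not the product's own code.
-module(ldaps_middlebox_probe).
-export([probe/3, tls_opts/3, verdict/1]).

%% TLS 1.3-only client options. CACertFile is an assumed path to the CA
%% bundle that signed the LDAP server certificate; verification stays on.
tls_opts(Host, CACertFile, MiddleboxComp) ->
    [{versions, ['tlsv1.3']},
     {verify, verify_peer},
     {cacertfile, CACertFile},
     {server_name_indication, Host},
     {middlebox_comp_mode, MiddleboxComp}].

%% Returns [{true, Result}, {false, Result}] keyed by middlebox_comp_mode.
probe(Host, Port, CACertFile) ->
    {ok, _} = application:ensure_all_started(ssl),
    [{Mode, handshake(Host, Port, tls_opts(Host, CACertFile, Mode))}
     || Mode <- [true, false]].

%% The timeout matters: a client that never reacts to the server's
%% retry request shows up as {error, timeout} rather than a TLS alert.
handshake(Host, Port, Opts) ->
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock} ->
            {ok, Info} = ssl:connection_information(Sock, [protocol]),
            ok = ssl:close(Sock),
            {ok, proplists:get_value(protocol, Info)};
        {error, Reason} ->
            {error, Reason}
    end.

%% Interpret the probe result for an operator.
verdict([{true, {ok, _}}, {false, {ok, _}}]) ->
    not_affected;
verdict([{true, {error, _}}, {false, {ok, _}}]) ->
    %% Handshake only succeeds with compatibility mode off: this is the
    %% case where the per-connection LDAP option is the workaround.
    disable_middlebox_comp_mode;
verdict([{true, {ok, _}}, {false, {error, _}}]) ->
    keep_middlebox_comp_mode;
verdict(_) ->
    %% Both failed: look at the error reasons (certificate, DNS, port,
    %% no TLS 1.3 on the server) before blaming middlebox mode.
    unrelated_failure.
```

Calling `ldaps_middlebox_probe:verdict(ldaps_middlebox_probe:probe("ldap.example.com", 636, "/path/to/ca.pem"))` from an Erlang shell of the same OTP release the server runs gives the result for that release; the host name and path here are placeholders.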