[Dovecot] dovecot: disable ssl compression

Andreas Schulze sca at andreasschulze.de
Wed Apr 23 21:52:19 UTC 2014


Reindl Harald:

> that attacks are not relevant for email because they
> rely on the way a webbrowser works which is not the
> case for a mail client - you can't trigger XSS and
> Ajax in a MUA

sure, that may be right, but

We manage numerous public available services. And every time we go through our
Qualys reports I have to explain this message from Qualys as not  
relevant/harmless/cannot change.
It takes time to describe this fact again and again to our it-security people.

And there are many other people in the same situation like me...
That's my main intention to ask how to disable ssl compression in dovecot.

Andreas



More information about the dovecot mailing list