[Dovecot] dovecot: disable ssl compression
Reindl Harald
h.reindl at thelounge.net
Wed Apr 23 22:15:12 UTC 2014
Am 23.04.2014 23:52, schrieb Andreas Schulze:
> Reindl Harald:
>
>> that attacks are not relevant for email because they
>> rely on the way a webbrowser works which is not the
>> case for a mail client - you can't trigger XSS and
>> Ajax in a MUA
>
> sure, that may be right, but
>
> We manage numerous public available services. And every time
> we go through our Qualys reports
https://www.ssllabs.com/ssltest/ just don't alow anything other than
https and port 443 - what reports are you speaking about?
> I have to explain this message from Qualys as not
> relevant/harmless/cannot change
so what - which fools are allowed to audit you while have
no clue what they are talking about?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140424/a048ddb3/attachment.sig>
More information about the dovecot
mailing list