20 May
2014
20 May
'14
10:49 p.m.
Jiri Bourek:
Well they seem to know what they are talking about. The description of the threat in linked screenshot says "attacker needs to have ability to submit any plain text"
I wrote the attached patch to add SSL_OP_NO_COMPRESSION to dovecot. Looks not perfect but definitly works.
Andreas