[Dovecot] dovecot: disable ssl compression
Andreas Schulze
sca at andreasschulze.de
Thu Apr 10 13:04:40 UTC 2014
Hello,
Our "it-security" department asked me about Qualys warnings like
-> SSL/TLS Compression Algorithm Information Leakage Vulnerability
As far as I learned it's compression inside ssl.
postfix-2.11 knows 'tls_ssl_options = no_compression'
( see http://www.postfix.org/postconf.5.html#tls_ssl_options )
is the something comparable in dovecot too?
Looks like most extensions in ssl exist only to be disabled :-/
Thanks
Andreas
More information about the dovecot
mailing list