[Dovecot] dovecot: disable ssl compression
Andreas Schulze
sca at andreasschulze.de
Wed Apr 23 21:52:19 UTC 2014
Reindl Harald:
> that attacks are not relevant for email because they
> rely on the way a webbrowser works which is not the
> case for a mail client - you can't trigger XSS and
> Ajax in a MUA
sure, that may be right, but
We manage numerous public available services. And every time we go through our
Qualys reports I have to explain this message from Qualys as not
relevant/harmless/cannot change.
It takes time to describe this fact again and again to our it-security people.
And there are many other people in the same situation like me...
That's my main intention to ask how to disable ssl compression in dovecot.
Andreas
More information about the dovecot
mailing list