[Dovecot] dovecot: disable ssl compression

Reindl Harald h.reindl at thelounge.net
Wed Apr 23 22:15:12 UTC 2014



Am 23.04.2014 23:52, schrieb Andreas Schulze:
> Reindl Harald:
> 
>> that attacks are not relevant for email because they
>> rely on the way a webbrowser works which is not the
>> case for a mail client - you can't trigger XSS and
>> Ajax in a MUA
> 
> sure, that may be right, but
> 
> We manage numerous public available services. And every time 
> we go through our Qualys reports

https://www.ssllabs.com/ssltest/ just don't alow anything other than
https and port 443 - what reports are you speaking about?

> I have to explain this message from Qualys as not
> relevant/harmless/cannot change

so what - which fools are allowed to audit you while have
no clue what they are talking about?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140424/a048ddb3/attachment.sig>


More information about the dovecot mailing list