[Dovecot] dovecot: disable ssl compression
Andreas Schulze
sca at andreasschulze.de
Tue May 20 19:49:06 UTC 2014
Jiri Bourek:
> Well they seem to know what they are talking about. The description
> of the threat in linked screenshot says "attacker needs to have
> ability to submit any plain text"
I wrote the attached patch to add SSL_OP_NO_COMPRESSION to dovecot.
Looks not perfect but definitly works.
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: disable_tls_compression.patch
Type: text/x-diff
Size: 2039 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140520/f208a8da/attachment.bin>
More information about the dovecot
mailing list