On Thu 30/Mar/2017 12:58:26 +0200 Sam Varshavchik wrote:
> Alessandro Vesely writes:
>
>> SSL/TLS compression Yes INSECURE (more info)
>> [(more
>> info)->https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls]
>>
>>
>> I note the
Alessandro Vesely writes:
SSL/TLS compression Yes INSECURE (more info)
[(more info)->https://community.qualys.com/blogs/securitylabs/
2012/09/14/crime-information-leakage-attack-against-ssltls]
I note the TLS_COMPRESSION option has gone away. Are there other TLS
options worth trying
Thank you Szépe, I tried that last week and it was bad enough to convince me to
recompile the whole lot --something I had been procrastinating for a while. It
is a Debian with OpenSSL 1.0.1t.
Testing the new code, without TLS-specific settings, I got again logged on the
/recent worst/ table