Sorry, i replied to wrong thread On Thu, 10 Apr 2014 18:08:05 +0200 Pavel Stano <st...@websupport.sk> wrote:
> Hi, > > yes its the same problem. > I can confirm that it is caused by last line in base64 > attachment which is longer than 72 chars in original message. > > On Thu, 10 Apr 2014 16:41:38 +0200 Reindl Harald > <h.rei...@thelounge.net> wrote: > > > > > > > Am 10.04.2014 15:04, schrieb Andreas Schulze: > > > Our "it-security" department asked me about Qualys warnings like > > > -> SSL/TLS Compression Algorithm Information Leakage > > > Vulnerability > > > > > > As far as I learned it's compression inside ssl. > > > postfix-2.11 knows 'tls_ssl_options = no_compression' > > > ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) > > > > > > is the something comparable in dovecot too? > > > > > > Looks like most extensions in ssl exist only to be disabled :-/ > > > > that attacks are not relevant for email because they > > rely on the way a webbrowser works which is not the > > case for a mail client - you can't trigger XSS and > > Ajax in a MUA > > > > https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls > > > > >> This year, it's CRIME, a practical attack against how TLS is > > >> used in browsers. In a wider sense, the same attack conceptually > > >> applies to any encrypted protocol where the attacker controls > > >> what is being communicated > > > > > -- [ Ohodnotte kvalitu mailu: http://nicereply.com/websupport/Stano/ ] Pavel Stano | Troubleshooter http://WebSupport.sk *** BERTE A VYCHUTNAVAJTE ***
signature.asc
Description: PGP signature
