Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

I've seen pound has this issue, sites which use pound as proxy need to restart pound manually, before that is done it doesnt use the newly installed openssl. 2014-04-09 09:51, Henrik Ahlgren skrev: On Tue, Apr 08, 2014 at 08:24:52PM +0200, Salvatore Bonaccorso wrote: Yes this is unfortunately

pound: TLS compression is insecure (CRIME attack) and can't be disabled

Hi this is still an issue with Pound: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197 I'm now using stable wheezy version: Package: pound Version: 2.6-2 And hosting an SSL-cert with pound results in: This server does not mitigate the CRIME attack. Grade capped to B. when testing with:

About adding security.debian.org ipv6 to iptables, which range should we add?

Hi now and again we get a timeout when looking up security.debian.org while running apt-get update. We have traced it to the ipv6's we get. It seems like they change (and as ipv6 have prio over ipv4 we are affected) Which ipv6 range should we open for in iptables to have full access to security