Re: patch: mitigate CRIME attack

2013-05-14 Thread Andreas Schiermeier
I'm confident our auditors will understand and accept the argumentation. The finding comes from an automated scan. It's good to know 2.11 will include the ability to disable compression. Maybe I'll inform Ubuntu package maintainers about my patch, in case there is rising demand for jumping throug

Re: patch: mitigate CRIME attack

2013-05-14 Thread Andreas Schiermeier
Thank you Wietse and Viktor for your clarifications. I admit, there's absolutely no need for the patch past Postfix 2.8 with OpenSSL 1.x. Andreas

patch: mitigate CRIME attack

2013-05-13 Thread Andreas Schiermeier
Hi, our latest external PCI scan found SSL-enabled Postfix SMTP servers (2.7.0 running on Ubuntu 10.04 LTS) vulnerable to SSL CRIME attacks. I've ported Apache httpd patch to P