Guys I have also failed the PCI test on my SSL enabled postfix and dovecot.
I run TestSSLServer and it says: CRIME status: vulnerable I am using Ubuntu 12.04.2 LTS (precise) 64 bit and my openssl version is 1.0.1-4ubuntu5.9. Is this backported to precise? What is the easiest way to be protected against it? Does the OPENSSL_DEFAULT_ZLIB env variable works on my version? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1187195 Title: OpenSSL site-wide compression disable tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
