Guys I have also failed the PCI test on my SSL enabled postfix and dovecot.
I run TestSSLServer and it says:
CRIME status: vulnerable
I am using Ubuntu 12.04.2 LTS (precise) 64 bit and my openssl version is 1.0.1-4ubuntu5.9.
Is this backported to precise? What is the easiest way to be protected against it? Does the OPENSSL_DEFAULT_ZLIB env variable works on my version?
Guys I have also failed the PCI test on my SSL enabled postfix and dovecot.
I run TestSSLServer and it says:
CRIME status: vulnerable
I am using Ubuntu 12.04.2 LTS (precise) 64 bit and my openssl version is 1.0.1-4ubuntu5.9.
Is this backported to precise? What is the easiest way to be protected against it? Does the OPENSSL_ DEFAULT_ ZLIB env variable works on my version?