OKI enabled the proposed repo and now I got the updated version:
# aptitude show openssl | grep -i version Version: 1.0.1-4ubuntu5.10
But running TestSSLServer against my dovecot pop3s (port 995) I still get that the system is vulnerable to CRIME.
Compression is supposed to be disabled by default and only enabled when you use the OPENSSL_DEFAULT_ZLIB environment variable right?
OKI enabled the proposed repo and now I got the updated version:
# aptitude show openssl | grep -i version
Version: 1.0.1-4ubuntu5.10
But running TestSSLServer against my dovecot pop3s (port 995) I still get that the system is vulnerable to CRIME.
Compression is supposed to be disabled by default and only enabled when you use the OPENSSL_ DEFAULT_ ZLIB environment variable right?