Comment 7 for bug 1187195

OKI enabled the proposed repo and now I got the updated version:

# aptitude show openssl | grep -i version
Version: 1.0.1-4ubuntu5.10

But running TestSSLServer against my dovecot pop3s (port 995) I still get that the system is vulnerable to CRIME.

Compression is supposed to be disabled by default and only enabled when you use the OPENSSL_DEFAULT_ZLIB environment variable right?