On Nov 12, Thijs Kinkhorst <thijs@debian.org> wrote: > Can you remove SSLv3 from the default list? I do not know the implications wrt clients support. Christian, did you do any tests? > >> +=item I<tlscompression> > >> +Whether to enable or disable TLS compression support (boolean). The > >> +default is true. > Can we default this to false? This is not really useful because CRIME cannot be exploited over NNTP. -- ciao, Marco
Attachment:
pgp6_z9WbOVRt.pgp
Description: PGP signature