INN commit: branches/2.5/doc/pod (inn.conf.pod)

INN Commit rra at isc.org
Sat Jan 10 14:30:09 UTC 2015


    Date: Saturday, January 10, 2015 @ 06:30:09
  Author: iulius
Revision: 9786

Do not mention that TLS compression will be disabled in the next INN release

As the CRIME attack is not exploitable in NNTP, disabling TLS compression
by default is pointless.  No vulnerability in TLS compression is
currently known as far as NNTP is concerned.

Modified:
  branches/2.5/doc/pod/inn.conf.pod

--------------+
 inn.conf.pod |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Modified: inn.conf.pod
===================================================================
--- inn.conf.pod	2015-01-10 14:25:18 UTC (rev 9785)
+++ inn.conf.pod	2015-01-10 14:30:09 UTC (rev 9786)
@@ -1060,7 +1060,8 @@
 =back
 
 Finally, here are the parameters that can be used to tighten the level
-of security provided by TLS/SSL:
+of security provided by TLS/SSL in case new attacks exploitable in NNTP
+on the TLS protocol or some supported cipher suite are discovered:
 
 =over 4
 
@@ -1074,8 +1075,6 @@
 
 Whether to enable or disable SSL/TLS compression support.  This is a
 boolean and the default is true, that is to say compression is enabled.
-(Note that the default value will be false in the next major release
-of INN.)
 
 =item I<tlseccurve>
 



More information about the inn-committers mailing list