[patch] more TLS configuration options for nnrpd
eagle at eyrie.org
Sun Nov 9 17:16:15 UTC 2014
Johan van Selst <johans at stack.nl> writes:
> I like having control for TLS settings; although sensible defaults are
> generally much more impportant. But I do not understand why this
> specific compression setting is unconditional. To exploit CRIME requires
> a huge amount of carefully triggered, very similar, but slightly
> different server responses. I see no way to exploit this in the Netnews
There are several places where the server will echo back a message ID
given as input. LIST ACTIVE on a bunch of group names in the same
hierarchy might do it as well. I'm not sure how close the responses need
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers