On Wed, November 12, 2014 14:29, Marco d'Itri wrote: > On Nov 12, Thijs Kinkhorst <th...@debian.org> wrote: > >> Can you remove SSLv3 from the default list? > I do not know the implications wrt clients support. > Christian, did you do any tests? > >> >> +=item I<tlscompression> >> >> +Whether to enable or disable TLS compression support (boolean). The >> >> +default is true. >> Can we default this to false? > This is not really useful because CRIME cannot be exploited over NNTP.
Indeed. So that's not really necessary then. Thijs -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/57e8635742a2dde3b9122e11d2b50aa3.squir...@aphrodite.kinkhorst.nl