Andreas Schulze wrote:
Reindl Harald:
https://www.ssllabs.com/ssltest/ just don't alow anything other than
https and port 443 - what reports are you speaking about?
your free to configure pop3s/imaps/ssmtp on the "nonstandard" port 443
I have to explain this message from Qualys as not
relevant/harmless/cannot change
so what - which fools are allowed to audit you while have
no clue what they are talking about?
Qualys, they have more services than ssllabs.com
see andreasschulze.de/tmp/qualys-id-38599.jpg
Andreas
Well they seem to know what they are talking about. The description of
the threat in linked screenshot says "attacker needs to have ability to
submit any plain text"
The more interesting question is why do you need to explain to your
it-security people that compression in POP3 is not vulnerable to this
attack. I mean if they're in charge of security, the really should know
that.
