
ssllabs test returns CRIME attack, but openssl returns Compression: NONE

Question asked by j-mailor on Apr 18, 2016
Latest reply on May 6, 2016 by j-mailor

Hi,

I have checked one of our servers on www.sslabs.com and dev.sslabs.com and both report "This server does not mitigate the CRIME attack".

If I understand correctly, the CRIME attack is possible if TLS compression is turned on. I checked whether TLS compression is on with the command:

echo | openssl s_client -connect myserver.mydomain.com:443 2>/dev/null | grep -i "Compression"

and it returns:

Compression: NONE

Is there something else this test is checking? Is there maybe some false positive?

P.S. I can send the server name by private message.

Regards
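
The "Compression:" line printed by s_client reflects the method the server selected in its ServerHello, and a TLS server can only select a method that the client listed in its ClientHello. The following is an added example, not part of the original post (the handshake bytes and all function names are constructed for illustration): it parses both messages and flags the case where "Compression: NONE" says nothing about the server because the client offered only null.

```python
# Added example: sample handshake bytes below are constructed, not captured.
NAMES = {0: "null", 1: "DEFLATE"}  # TLS compression method IDs (RFC 3749)

def _record(hs_type: int, body: bytes) -> bytes:
    """Wrap a hello body in handshake and TLS 1.2 record headers."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

def build_client_hello(methods: list[int]) -> bytes:
    """Constructed ClientHello: one cipher suite, no extensions."""
    return _record(1, b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f"
                   + bytes([len(methods)]) + bytes(methods))

def build_server_hello(method: int) -> bytes:
    """Constructed ServerHello selecting one compression method."""
    return _record(2, b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + bytes([method]))

def _body(record: bytes, hs_type: int) -> bytes:
    """Return the hello body after checking record and handshake headers."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != hs_type:
        raise ValueError("not the expected TLS handshake message")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake message")
    return body

def offered_compression(client_hello: bytes) -> list[int]:
    body = _body(client_hello, 1)
    pos = 2 + 32                                         # version + random
    pos += 1 + body[pos]                                 # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
    return list(body[pos + 1:pos + 1 + body[pos]])

def selected_compression(server_hello: bytes) -> int:
    body = _body(server_hello, 2)
    pos = 2 + 32                                         # version + random
    pos += 1 + body[pos]                                 # session_id
    return body[pos + 2]                                 # skip 2-byte cipher_suite

def verdict(client_hello: bytes, server_hello: bytes) -> str:
    offered = offered_compression(client_hello)
    chosen = selected_compression(server_hello)
    if chosen != 0:
        return f"compression negotiated: {NAMES.get(chosen, chosen)}"
    if offered == [0]:
        return "inconclusive: client offered only null"
    return "server declined compression"
```

To apply this to a real handshake, the ClientHello and ServerHello records would come from a packet capture of the test connection.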
