CRIME TLS Compression Vulnerability with PGP Universal Server

Created: 22 Oct 2012 | 1 comment

Jef-

We are running PGP Universal Server 3.2.1 (Build 4940) and it seems that this server is vulnerable to the new CRIME TLS Compression vulnerability. Has PGP addressed this issue with a patch? A possible workaround for this is to disable TLS Compression. I have looked through the settings of our server and do not see a way to do that. Does anyone have a solution to this problem?

If you scan your PGP server with this site or any security vulnerability application you will get more details about the vulnerability. https://www.ssllabs.com/ssltest/index.html

Thanks

Discussion Filed Under:

Security, PGP Universal Servers and KMS, IT Risk Management, Malicious Code, Security Risks, Vulnerabilities & Exploits, Troubleshooting

Comments RSS Feed

Comments 1 Comment • Jump to latest comment

Alex_CST Partner Accredited

CRIME TLS Compression Vulnerability with PGP Universal Server - Comment:23 Oct 2012 : Link

This will have to be a reconfiguration of Tomcat & Apache as there are fixes for both by Apache are already out in the aether.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

CRIME TLS Compression Vulnerability with PGP Universal Server

Comments 1 Comment • Jump to latest comment

Would you like to reply?

Links