It says in the mean time it's good to disable SSL compression in the webserver.
How can I do that with webmin webserver?

On Sat, Jan 5, 2013 at 2:49 PM, Fajar Priyanto <> wrote:
Hi Jamie,
Sorry took some time for me to upgrade it. It's on 1.610 now, also I've set it to  "Use only PCI-compliant ciphers". But same result from the Nessus scan.
No workaround from Google so far :(

On Fri, Dec 21, 2012 at 12:09 PM, Jamie Cameron <> wrote:

You might want to try upgrading to Webmin 1.610. Also, at Webmin -> Webmin Configuration -> SSL Encryption, try selecting "Use only PCI-compliant ciphers"

  - Jamie

On 20/Dec/2012 17:27 Fajar Priyanto <> wrote ..

Hi all,
Nessus says my Webmin 1.580 is vulnerable of CRIME attack because of TLS/SSL compression is enabled. How do I remedy it? I cannot see any options for this in configuration menu.
From Google looks like I can use SSLCompression off in httpd.conf?

This is the Nessus scan result:
TLS CRIME Vulnerability

Synopsis :

The remote service has a configuration that may make it vulnerable to
the CRIME attack.

Description :

The remote service has one of two configurations that are known to be
required for the CRIME attack:

- SSL / TLS compression is enabled.

- TLS advertises the SPDY protocol earlier than version 4.

Note that Nessus did not attempt to launch the CRIME attack against the remote service.

See also :

Solution :

Disable compression and / or the SPDY service.

Plugin Output :

The following configuration indicates that the remote service
may be vulnerable to the CRIME attack :

- SSL / TLS compression is enabled.


BID 55704
BID 55707

Other References :

Nessus Plugin ID : 62565

Thank you.
To dream and to write ^^

LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
Forwarded by the Webmin mailing list at
To remove yourself from this list, go to

To dream and to write ^^

To dream and to write ^^