AnsweredAssumed Answered

ssllabs test returns CRIME attack, but openssl returns Compression: NONE

Question asked by j-mailor on Apr 18, 2016
Latest reply on May 6, 2016 by j-mailor


I have checked one of our servers on and and both report "This servers does not mitigate the CRIME attack".


If I understand correctly CRIME attack is possible if TLS Compression is turned on. I checked if TLS compression is on with command:

echo | openssl s_client -connect 2>/dev/null | grep -i "Compression"


and it returns:

Compression: NONE


Is there something else this test is checking? Is there maybe some false positive?


P.S. I can send private message of server name.