I got the following warning from our security scanner:
TLS CRIME Vulnerability
Synopsis :
The remote service has a configuration that may make it vulnerable to
the CRIME attack.
Description :
The remote service has one of two configurations that are known to be
required for the CRIME attack:
- SSL / TLS compression is enabled.
- TLS advertises the SPDY protocol earlier than version 4.
Note that Nessus did not attempt to launch the CRIME attack against the
remote service.
Solution :
Disable compression and / or the SPDY service.
Plugin Output :
The following configuration indicates that the remote service
may be vulnerable to the CRIME attack :
- SSL / TLS compression is enabled.
How do I disable SSL / TLS compression on ESXi 4.1?