This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote service has a configuration that may make it vulnerable to
the CRIME attack.
The remote service has one of two configurations that are known to be
required for the CRIME attack :
- SSL / TLS compression is enabled.
- TLS advertises the SPDY protocol earlier than version 4.
Note that Nessus did not attempt to launch the CRIME attack against the
See also :
Disable compression and / or the SPDY service.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true