[users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
- From: Tom Browder <tom.browder@xxxxxxxxx>
- Date: Fri, 6 Jun 2014 09:21:20 -0500
- In-reply-to: <CAFMGiz_1F5MPj+DSEHoLSR-t6=nbHDF56jrnVee5UyP9azSsvQ@mail.gmail.com>
- Reply-to: users@xxxxxxxxxxxxxxxx
On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote:
> I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> I haven't turned on compression because of all the warnings about
> CRIME and BREACH. However, when I run my sites against web site
> analyzers they always suggest turning on compression.
>
> So what is the consensus?
Ping! Anyone?
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
