On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick <trawick@xxxxxxxxx> wrote: >> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote: >> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. >> > I haven't turned on compression because of all the warnings about >> > CRIME and BREACH. However, when I run my sites against web site >> > analyzers they always suggest turning on compression. >> > >> > So what is the consensus? ... > I think the free "OpenSSL cookbook" part of Ivan Ristić's guide addresses > some of your question. There's also an Apache-specific chapter of the big > book which I haven't looked at. Thanks, Jeff--I forgot about Ivan's book! Best regards, -Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|