On Fri, Jun 6, 2014 at 10:35 AM, Tom Browder <tom.browder@xxxxxxxxx> wrote: > On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick <trawick@xxxxxxxxx> wrote: >>> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote: >>> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. >>> > I haven't turned on compression because of all the warnings about >>> > CRIME and BREACH. However, when I run my sites against web site >>> > analyzers they always suggest turning on compression. >>> > >>> > So what is the consensus? > ... >> I think the free "OpenSSL cookbook" part of Ivan Ristić's guide addresses >> some of your question. There's also an Apache-specific chapter of the big >> book which I haven't looked at. > Thanks, Jeff--I forgot about Ivan's book! Actually, I also forgot about the Qualys site altogether! And I think this is the answer: https://community.qualys.com/message/20404#20404 Note also the site has a wonderful (and free) SSL/TLS checker I have use a lot in the past: https://www.ssllabs.com/ssltest/ Best, -Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|