Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
- To: users@xxxxxxxxxxxxxxxx
- Subject: Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
- From: David Benfell <benfell@xxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Jun 2014 16:07:36 -0700
- In-reply-to: <CAFMGiz9q=q84fDVNoXTco6zHgbwbVocEwtAaee8=66gsN1PJJg@mail.gmail.com>
- Reply-to: users@xxxxxxxxxxxxxxxx
- User-agent: Mutt/1.5.23 (2014-03-12)
On Fri, Jun 06, 2014 at 09:21:20AM -0500, Tom Browder wrote:
> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote:
> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> > I haven't turned on compression because of all the warnings about
> > CRIME and BREACH. However, when I run my sites against web site
> > analyzers they always suggest turning on compression.
> >
> > So what is the consensus?
>
> Ping! Anyone?
>
The site that seems authoritative for testing SSL is
https://www.ssllabs.com/ssltest/
--
David Benfell <benfell@xxxxxxxxxxxxxxxxx>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.
Attachment:
pgpzizTjj1YBG.pgp
Description: PGP signature