Well it started with the docs for 2.4 and mod_deflate. Therein is this, quote: =====>
Compression and TLS
Some web applications are vulnerable to an information disclosure attack when a TLS connection carries deflate compressed data. For more information, review the details of the "BREACH" family of attacks.
<===== End quote.
I searched for the doc reference "BREACH" + "attack" and got several hits such as: TLSv1.3 has a post-handshake problem
And an excerpt from it, quote: =====>
CRIME and TIME
CRIME (Compression Ratio Info-leak Made Easy) is a cross-layer protocol attack that includes a compression side-channel attack against HTTPS. It leverages information leaked by TLS compression on messages sent from the client to the server. CRIME can recover targeted parts of the plaintext given MiTM access.
In March 2013 at Black Hat (EU), Tal Be’ery presented an extension of CRIME named TIME. It debuted two new enhancements: it used CRIME for server-to-client messages and did not require a MiTM situation by exploiting TCP window sizes. The first of these two modifications gave rise to BREACH (see further down).
THE FIX: CRIME is ineffective against TLS 1.3 because TLS 1.3 disables TLS-level compression.
To verify if a server is vulnerable to CRIME on port 443:
openssl s_client -connect domainname.com:443
In the output of this command, look for TLS compression; if enabled, the server is vulnerable to CRIME.