[openssl-dev] removing compression?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: [openssl-dev] removing compression?
From: kurt@xxxxxxxxx (Kurt Roeckx)
Date: Sat, 4 Apr 2015 16:08:11 +0200
In-reply-to: <c8196ce45dee430797666b37f5ebd4a5@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <c8196ce45dee430797666b37f5ebd4a5@ustx2ex-dag1mb2.msg.corp.akamai.com>

On Fri, Apr 03, 2015 at 07:53:59PM +0000, Salz, Rich wrote:
> 
> And the best practice these days is to do it at the application
> layer, and feed the compressed bytes down to TLS.

The BREACH attack makes use of that.


Kurt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- removing compression?
  - From: Salz, Rich

Prev by Date: HTTP / HTTPS on same port
Next by Date: [openssl-dev] removing compression?
Previous by thread: removing compression?
Next by thread: [openssl-dev] removing compression?
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]

Powered by Linux