httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53219] mod_ssl should allow to disable ssl compression
Date Thu, 13 Sep 2012 18:25:25 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219

Reed Loden <reed@reedloden.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |reed@reedloden.com

--- Comment #6 from Reed Loden <reed@reedloden.com> ---
(In reply to comment #5)
> Leaving open for possible back port to 2.2.

Considering the potential of abuse of SSL/TLS compression by the new CRIME
attack
(https://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312),
can this back port request be prioritized and completed so folks can easily
disable SSL/TLS compression if needed? Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message