httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 53219] mod_ssl should allow to disable ssl compression
Date Mon, 08 Oct 2012 00:55:18 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219

--- Comment #10 from Christoph Anton Mitterer <calestyo@scientia.net> ---
Hi.

It's good to see this backported...

However, I'm a bit concerned...

As far as I understood, _ALL_ versions of SSL/TLS are vulnerable to the
CRIME attack, right?

So why is compression not forcefully disabled? Not with respect to speed (as
originally intended by Björn) but to security.

If newer versions of TLS should fix the attack, one could allow them to
select whether compression should be used or not.

Ideas?
