httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hanno Böck <>
Subject Re: FYI brotli
Date Tue, 17 Jan 2017 12:42:14 GMT
On Mon, 16 Jan 2017 18:06:40 -0600
William A Rowe Jr <> wrote:

> If so, maybe we teach both to step out of the way when SSL encryption
> filters are in place?

This would make no sense. Brotli is only supported over HTTPS by

Compression-based attacks are a tricky problem, however someone has yet
to show that they are abused in practice. But preventing deployment of a
new compression algorithm doesn't help. You'd have to disable
compression altogether to avoid them.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

View raw message