httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cain dickens <caindick...@gmail.com>
Subject Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
Date Fri, 06 Jun 2014 15:11:21 GMT


On Fri, 2014-06-06 at 09:21 -0500, Tom Browder wrote:
> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@gmail.com> wrote:
> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> > I haven't turned on compression because of all the warnings about
> > CRIME and BREACH.  However, when I run my sites against web site
> > analyzers they always suggest turning on compression.
> >
> > So what is the consensus?
> 
> Ping!  Anyone?
> 
> -Tom
> 
sorry I have no idea.

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message