httpd-users mailing list archives

From David Benfell <benf...@parts-unknown.org>
Subject Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
Date Fri, 06 Jun 2014 23:07:36 GMT
On Fri, Jun 06, 2014 at 09:21:20AM -0500, Tom Browder wrote:
> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@gmail.com> wrote:
> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> > I haven't turned on compression because of all the warnings about
> > CRIME and BREACH.  However, when I run my sites against web site
> > analyzers they always suggest turning on compression.
> >
> > So what is the consensus?
> 
> Ping!  Anyone?
> 

The site that seems authoritative for testing SSL is
https://www.ssllabs.com/ssltest/

-- 
David Benfell <benfell@parts-unknown.org>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.
