httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
Date Fri, 06 Jun 2014 15:35:09 GMT
On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick <trawick@gmail.com> wrote:
>> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@gmail.com> wrote:
>> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
>> > I haven't turned on compression because of all the warnings about
>> > CRIME and BREACH.  However, when I run my sites against web site
>> > analyzers they always suggest turning on compression.
>> >
>> > So what is the consensus?
...
> I think the free "OpenSSL cookbook" part of Ivan Ristić's guide addresses
> some of your question.  There's also an Apache-specific chapter of the big
> book which I haven't looked at.

Thanks, Jeff--I forgot about Ivan's book!

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message