httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?
Date Fri, 06 Jun 2014 14:21:20 GMT
On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.browder@gmail.com> wrote:
> I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> I haven't turned on compression because of all the warnings about
> CRIME and BREACH.  However, when I run my sites against web site
> analyzers they always suggest turning on compression.
>
> So what is the consensus?

Ping!  Anyone?

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message