On Mon, Aug 19, 2013 at 2:04 AM, Igor Sysoev <[email protected]> wrote: > Incorrect. > > CRIME attacks a vulnerability in the implementation of SSLv3 and TLS1.0 > using CBC flaw: the IV was guessable. Hte other vulnerability was a > facilitator to inject automatically arbitrary content (so attackers could > inject what they wish to make their trail-and-error attack). > CRIME conclusion is: use TLS v1.1 or later (not greater than v1.2 for now). > > > You probably mix up it with BEAST. >
You're right. I mixed up things... --- *B. R.*
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
