On Monday 08 October 2012, Roy T. Fielding wrote:
On Oct 7, 2012, at 6:05 PM, Eric Covener wrote:
Any opinions on the default change? AIUI current maintenance of
browsers have disabled TLS compression already, because they can
be driven to generate arbitrary traffic that eventually reveals
, Oct 7, 2012 at 8:55 PM
Subject: [Bug 53219] mod_ssl should allow to disable ssl compression
To: b...@httpd.apache.org
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219
--- Comment #10 from Christoph Anton Mitterer cales...@scientia.net ---
Hi.
It's good to see this backported
On Oct 7, 2012, at 6:05 PM, Eric Covener wrote:
Any opinions on the default change? AIUI current maintenance of
browsers have disabled TLS compression already, because they can be
driven to generate arbitrary traffic that eventually reveals httpOnly
session cookies.
Just disable it