Just a FYI that it looks like a 0.6.x version of the
lib will be released v. soon with all that is needed for
the module to work and compile as-is... 1.0.0 will be
released a little bit later which will simply deprecate/remove
the OLD API, which we don't use anyway... That is, the lib
change from
Funny you mention it. Nginx had it first anyways, and was (perhaps still
is) using the deprecated API that dies with libbrotli rev 1.0.0 - part of
that delay might have been affording ngnix a chance to adapt. Versioning
their installed library should allow both to be installed at once.
So...
On Mon, Jan 16, 2017 at 2:28 PM, Evgeny Kotkov
wrote:
>
> There is, however, a potential problem with backporting mod_brotli, since
> it relies on the Brotli library 1.0.0, which has not yet been released.
> In other words, if the upstream changes the API or the
On Thu, Feb 16, 2017 at 2:27 PM, Evgeny Kotkov
wrote:
> William A Rowe Jr writes:
>
>> My open questions; has this been entirely reviewed in conjunction with h2?
>> Will A-E: br,gzip,deflate axe all others from that list when deciding to
>>
William A Rowe Jr writes:
> My open questions; has this been entirely reviewed in conjunction with h2?
> Will A-E: br,gzip,deflate axe all others from that list when deciding to
> enable brotli? (I presume not-yet.) Will gzip filter work where A-E: gzip was
> given without
Whatever... nginx will have it 1st anyway. And once
again we fail our users by having a nickel holding up
a dollar.
> On Feb 16, 2017, at 2:48 PM, William A Rowe Jr wrote:
>
> On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>>
>>> On Feb 16, 2017,
On Thu, Feb 16, 2017 at 12:47 PM, Jim Jagielski wrote:
>
>> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr wrote:
>>
>>
>> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate
>> before adding this to httpd 2.4.x - so far as I've read
> On Feb 16, 2017, at 1:15 PM, William A Rowe Jr wrote:
>
>
> I concur with Evgeny Kotkov that an ABI stable dependency is appropriate
> before adding this to httpd 2.4.x - so far as I've read none have suggested
> this as an experimental addition to 2.4.
>
I do. We
To close up some loose ends/confusion;
On Mon, Jan 16, 2017 at 6:42 PM, Jacob Champion wrote:
> On 01/16/2017 04:06 PM, William A Rowe Jr wrote:
>>
>> Before we push this at users.. is there a concern that brotoli
>> compression has similar dictionary or simply size based
Besides, we had no problems supporting OpenSSL 0.9.6 for
years :)
If/when brotli 1.0.0 is released, we simply add support
for that as well. No biggie.
> On Jan 17, 2017, at 8:27 AM, Jim Jagielski wrote:
>
> Actually, it works fine w/ Brotli 0.5.2 which is
> what I have
Actually, it works fine w/ Brotli 0.5.2 which is
what I have installed.
> On Jan 16, 2017, at 3:28 PM, Evgeny Kotkov
> wrote:
>
> Jim Jagielski writes:
>
>> Functional patch avail... working on doccos.
>>
>>
On Mon, 16 Jan 2017 18:06:40 -0600
William A Rowe Jr wrote:
> If so, maybe we teach both to step out of the way when SSL encryption
> filters are in place?
This would make no sense. Brotli is only supported over HTTPS by
browsers.
Compression-based attacks are a tricky
On 01/16/2017 04:42 PM, Jacob Champion wrote:
Current guidance to avoid BREACH is still, AFAIK, to avoid situations
where third-party data is being sent in the same response as first-party
secrets. I don't think we have a way to know when this is happening
...though if the current response is
On 01/16/2017 04:06 PM, William A Rowe Jr wrote:
Before we push this at users.. is there a concern that brotoli
compression has similar dictionary or simply size based vulnerabilities
as deflate?
If you mean HTTP compression oracles (BREACH et al), then I would expect
*any* compression
Before we push this at users.. is there a concern that brotoli compression
has similar dictionary or simply size based vulnerabilities as deflate?
If so, maybe we teach both to step out of the way when SSL encryption
filters are in place?
On Jan 16, 2017 10:14, "Jim Jagielski"
Jim Jagielski writes:
> Functional patch avail... working on doccos.
>
> http://home.apache.org/~jim/patches/brotli-2.4.patch
Hi Jim,
Thank you for the backport patch.
There is, however, a potential problem with backporting mod_brotli, since
it relies on the Brotli
Functional patch avail... working on doccos.
http://home.apache.org/~jim/patches/brotli-2.4.patch
> On Jan 16, 2017, at 11:11 AM, Jim Jagielski wrote:
>
> Just a head's up that I am working on the backport proposal/patch
> for brotli for 2.4.x...
Just a head's up that I am working on the backport proposal/patch
for brotli for 2.4.x...
18 matches
Mail list logo