Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Robert Klemme
On Tue, Feb 26, 2013 at 4:04 PM, Mark Thomas wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:
>> So one solution would be to remove APR lib from the system.
>
> Yes, although you will see performance for SSL drop.

Yes, of course. That's not important in our case.

>> export OPENSSL_NO_DEFAULT

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Christopher Schultz
Mark,

On 2/26/13 7:04 AM, Mark Thomas wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:
>>
>> I found that but wasn't aware that this is actually used in Tomcat.
>
> SSLDisableCompression on the APR connector as of 7.0.37
>
>>> There is no 6.
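The attribute Mark names above (SSLDisableCompression on the APR connector, available from 7.0.37) is the configuration-side fix; the other fix in the thread is removing the APR library so Tomcat falls back to its Java (JSSE) connectors. The script below is an added example, not code from the Tomcat project or from anyone in the thread: it audits a server.xml for SSL-enabled connectors and reports which ones could still negotiate TLS compression. Assumptions not stated in the thread: the attribute takes "true"/"false"; the explicit APR protocol class is org.apache.coyote.http11.Http11AprProtocol; a connector declared as protocol="HTTP/1.1" becomes the APR connector only when the native library is installed, which a config file cannot tell you, so that case is reported separately; the sample server.xml is constructed.

```python
"""Audit a Tomcat server.xml for SSL connectors that could still negotiate
TLS compression (the condition behind a Nessus plugin 62565 CRIME finding).
Added example; not Tomcat project code. Assumes the attribute name
SSLDisableCompression (per the thread, 7.0.37+) and the APR protocol class
name below; the sample XML is constructed."""
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
ATTR = "SSLDisableCompression"

# Constructed sample server.xml, not from the thread.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="/etc/tomcat/server.crt"
               SSLCertificateKeyFile="/etc/tomcat/server.key"/>
    <Connector port="8444" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               SSLDisableCompression="true"
               SSLCertificateFile="/etc/tomcat/server.crt"
               SSLCertificateKeyFile="/etc/tomcat/server.key"/>
    <Connector port="8445" protocol="HTTP/1.1"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat/keystore.jks" keystorePass="changeit"/>
    <Connector port="8446" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat/keystore.jks" keystorePass="changeit"/>
  </Service>
</Server>
"""


def is_true(value):
    """Tomcat-style boolean attribute: missing or anything but "true" is false."""
    return value is not None and value.strip().lower() == "true"


def audit_connectors(server_xml):
    """Return [(port, verdict)] for every SSLEnabled connector, in document order.

    Verdicts:
      "ok"                 SSLDisableCompression="true" is present
      "compression-risk"   explicit APR connector without it (OpenSSL decides)
      "depends-on-apr-lib" protocol="HTTP/1.1": APR only if the native lib is installed
      "jsse"               Java connector; JSSE does not implement TLS compression
    """
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_true(conn.get("SSLEnabled")):
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol == APR_PROTOCOL:
            verdict = "ok" if is_true(conn.get(ATTR)) else "compression-risk"
        elif protocol == "HTTP/1.1":
            verdict = "ok" if is_true(conn.get(ATTR)) else "depends-on-apr-lib"
        else:
            verdict = "jsse"
        results.append((conn.get("port"), verdict))
    return results


def fix_apr_connectors(server_xml):
    """Return server.xml text with SSLDisableCompression="true" added to every
    SSLEnabled explicit-APR connector that lacks it. ElementTree drops the XML
    declaration and comments, so diff the output before deploying it."""
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if is_true(conn.get("SSLEnabled")) and conn.get("protocol") == APR_PROTOCOL:
            if not is_true(conn.get(ATTR)):
                conn.set(ATTR, "true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for port, verdict in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {verdict}")
```

Note that on the Tomcat 6 line the thread is about, the attribute does not exist ("There is no 6."), so an "ok" verdict there only means the attribute is set, not that the running Tomcat honours it; for Tomcat 6 the thread's remaining option is to remove the APR library.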

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Mark Thomas
On 26/02/2013 03:09, Robert Klemme wrote:
> On Tue, Feb 26, 2013 at 2:27 AM, Mark Thomas wrote:
>> On 25/02/2013 08:42, Robert Klemme wrote:
>>> I have been confronted with a Nessus scan result which claims vulnerability to exploit "TLS CRIME". Plugin 62565 allegedly has found this and the report sta

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Robert Klemme
Hi Mark,

thank you for the feedback!

On Tue, Feb 26, 2013 at 2:27 AM, Mark Thomas wrote:
> On 25/02/2013 08:42, Robert Klemme wrote:
>>
>> Hi there,
>>
>> I have been confronted with a Nessus scan result which claims vulnerability to exploit "TLS CRIME". Plugin 62565 allegedly has found th

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-25 Thread Mark Thomas
On 25/02/2013 08:42, Robert Klemme wrote:
> Hi there,
>
> I have been confronted with a Nessus scan result which claims vulnerability to exploit "TLS CRIME". Plugin 62565 allegedly has found this and the report states:
>
> "The remote service has one of two configurations that are known to be required fo

Nessus scan claims vulnerability in Tomcat 6

2013-02-25 Thread Robert Klemme
Hi there,

I have been confronted with a Nessus scan result which claims vulnerability to exploit "TLS CRIME". Plugin 62565 allegedly has found this and the report states:

"The remote service has one of two configurations that are known to be required for the CRIME attack:
- SSL / TLS compression