TLS-only sites, and use of mod_deflate?

cain dickens Fri, 06 Jun 2014 08:12:46 -0700


On Fri, 2014-06-06 at 09:21 -0500, Tom Browder wrote:
> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7.
> > I haven't turned on compression because of all the warnings about
> > CRIME and BREACH.  However, when I run my sites against web site
> > analyzers they always suggest turning on compression.
> >
> > So what is the consensus?
> 
> Ping!  Anyone?
> 
> -Tom
> 
sorry I have no idea.


> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

Reply via email to