On Fri, Jun 6, 2014 at 10:21 AM, Tom Browder <tom.brow...@gmail.com> wrote:
> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder <tom.brow...@gmail.com> wrote: > > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. > > I haven't turned on compression because of all the warnings about > > CRIME and BREACH. However, when I run my sites against web site > > analyzers they always suggest turning on compression. > > > > So what is the consensus? > > Ping! Anyone? > I think the free "OpenSSL cookbook" part of Ivan Ristić's guide addresses some of your question. There's also an Apache-specific chapter of the big book which I haven't looked at. See http://blog.ivanristic.com/2014/05/bulletproof-update-may-deployment-and-performance.html > > -Tom > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
