Alessandro Vesely writes:
SSL/TLS compression Yes INSECURE (more info)[(more info)->https://community.qualys.com/blogs/securitylabs/ 2012/09/14/crime-information-leakage-attack-against-ssltls]I note the TLS_COMPRESSION option has gone away. Are there other TLS options worth trying to remove compression?
The only known issue with TLS compression is when it is also used by web servers that also implement SPDY, and its own built-in compression.
You have to read https://en.wikipedia.org/wiki/CRIME very carefully.
pgpg2nKsVdOi7.pgp
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
