Hello,
On Mon, 21 Feb 2022 at 14:25, Tom Browder <[email protected]> wrote: > > I'm getting ready to try 2.5 HAProxy on my system > and see http comression is recommended. I'm not sure we are actively encouraging to enable HTTP compression. Where did you see this recommendation? > From those sources I thought https should not use compression > because of some known exploit, so I'm not currently using it. You are talking about BREACH [1], and I'm afraid there is no magic fix for that. The mitigations on the BREACH website apply. Lukas [1] http://www.breachattack.com/#mitigations
