> Overall, I don't think there is a big difference here. All I can say is that the hardest part of pulling off that type of attack is guessing the length correctly. If you want to make that job marginally easier, that's fine by me :)
> It won't, because "-C" is a non-portable flag provided by a Debian-specific patch. There is a CRLF option for nmap-ncat, openbsd netcat, and netcat-traditional, as well as whatever nc ships with macOS. GNU netcat doesn't support it, but it's unmaintained anyway. > And even if it will work for some, this will still complicate testing. Most of the tests already use CRLF appropriately. Test cases that use bare LF in chunks are inadvertently also testing an Nginx quirk in addition to what they are intending to test, which is probably undesirable. -Ben _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel