https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
--- Comment #6 from Mark Thomas ---
I have no strong view either way (although I am open to being persuaded one way
or the other). I've asked the user community for their views.
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
--- Comment #5 from Craig ---
I don't think BEAST is still relevant, see
https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat for a
details explanation.
So I still suggest that Tomcat change the default to enable HTTP response
co
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
--- Comment #4 from Craig ---
>
> CRIME, BREACH.
>
CRIME is a vulnerability that applies to TLS compression - I'm not suggesting
here that TLS compression be used (it was actually removed in TLS 1.3). So I
don't believe CRIME is relevant.
BR
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
--- Comment #3 from Christopher Schultz ---
(In reply to Craig from comment #2)
> (In reply to Remy Maucherat from comment #1)
> > I'd likely vote no to this proposal.
>
> For posterity, why not?
CRIME, BREACH.
I'm in favor of HTTP compressi
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
--- Comment #2 from Craig ---
(In reply to Remy Maucherat from comment #1)
> I'd likely vote no to this proposal.
For posterity, why not?
>It is not a bug, anyway.
I filed it as an "enhancement" not a bug - was that not the right thing? If
n
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
Remy Maucherat changed:
What|Removed |Added
Severity|normal |enhancement
--- Comment #1 from Remy
https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
Craig changed:
What|Removed |Added
CC||candr...@integralblue.com
--
You are receivin