Konstantin,
On 1/21/13 4:25 AM, Konstantin Kolinko wrote:
2012/12/22 Rainer Jung rainer.j...@kippdata.de:
On 21.12.2012 16:37, Christopher Schultz wrote:
All,
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
The enhancement request (marked MAJOR) is to allow the APR connector to
2012/12/22 Rainer Jung rainer.j...@kippdata.de:
On 21.12.2012 16:37, Christopher Schultz wrote:
All,
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
The enhancement request (marked MAJOR) is to allow the APR connector to
configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL
All,
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
The enhancement request (marked MAJOR) is to allow the APR connector to
configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
even when it is supported by the client. This prevents CRIME attacks.
My question is
All,
On 12/21/12 10:37 AM, Christopher Schultz wrote:
Since this is security-related, my preference is to disable SSL
compression /by default/ and allow users to specifically enable it if
necessary. But, this represents a change in default so I figured I'd ask.
One more note which reverses my
On 21.12.2012 16:37, Christopher Schultz wrote:
All,
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
The enhancement request (marked MAJOR) is to allow the APR connector to
configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
even when it is supported by the