Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Robert Klemme
Hi Mark, thank you for the feedback! On Tue, Feb 26, 2013 at 2:27 AM, Mark Thomas ma...@apache.org wrote: On 25/02/2013 08:42, Robert Klemme wrote: Hi there, I have been confronted with a Nessus scan result which claims vulnerability to exploit TLS CRIME. Plugin 62565 allegedly has found

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Mark Thomas
On 26/02/2013 03:09, Robert Klemme wrote: On Tue, Feb 26, 2013 at 2:27 AM, Mark Thomas ma...@apache.org wrote: On 25/02/2013 08:42, Robert Klemme wrote: I have been confronted with a Nessus scan result which claims vulnerability to exploit TLS CRIME. Plugin 62565 allegedly has found this and

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Christopher Schultz
Mark, On 2/26/13 7:04 AM, Mark Thomas wrote: On 26/02/2013 03:09, Robert Klemme wrote: I found that but wasn't aware that this is actually used in Tomcat. SSLDisableCompression on the APR connector as of 7.0.37 There is no 6.0.x release

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-26 Thread Robert Klemme
On Tue, Feb 26, 2013 at 4:04 PM, Mark Thomas ma...@apache.org wrote: On 26/02/2013 03:09, Robert Klemme wrote: So one solution would be to remove APR lib from the system. Yes, although you will see performance for SSL drop. Yes, of course. That's not important in our case. export

Nessus scan claims vulnerability in Tomcat 6

2013-02-25 Thread Robert Klemme
Hi there, I have been confronted with a Nessus scan result which claims vulnerability to exploit TLS CRIME. Plugin 62565 allegedly has found this and the report states: The remote service has one of two configurations that are known to be required for the CRIME attack: - SSL / TLS compression is

Re: Nessus scan claims vulnerability in Tomcat 6

2013-02-25 Thread Mark Thomas
On 25/02/2013 08:42, Robert Klemme wrote: Hi there, I have been confronted with a Nessus scan result which claims vulnerability to exploit TLS CRIME. Plugin 62565 allegedly has found this and the report states: The remote service has one of two configurations that are known to be required for