--- Comment #18 from Gabriel Wicke <> ---
@Ori, ah, I see. I guess a backport or the next Ubuntu LTS upgrade (three
months from now?) could help here.

@Faidon: Is the main complication becoming tied to nginx? With SPDY being an
application-level protocol I would be surprised if it affected TLS layer

@Roan: According to [1] "The nginx web-server was not vulnerable to CRIME since
1.0.9/1.1.6 (October/November 2011) using OpenSSL 1.0.0+, and since 1.2.2/1.3.2
(June / July 2012) using all versions of OpenSSL". Disabling header compression
sounds like a prudent measure though. Even without header compression SPDY
saves bandwidth by avoiding re-sending identical headers for each request.

According to [2] BREACH is not specific to SPDY; it rather applies to all uses
of TLS.


You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to