Roan Kattouw <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #20 from Roan Kattouw <> ---
(In reply to comment #18)
> @Roan: According to [1] "The nginx web-server was not vulnerable to CRIME
> since
> 1.0.9/1.1.6 (October/November 2011) using OpenSSL 1.0.0+, and since
> 1.2.2/1.3.2
> (June / July 2012) using all versions of OpenSSL". Disabling header
> compression
> sounds like a prudent measure though. Even without header compression SPDY
> saves bandwidth by avoiding re-sending identical headers for each request.
Which I believe is what HTTP 2.0 does too: only send modified headers, but
don't compress their contents.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to