[openssl-dev] removing compression?

Kurt Roeckx kurt at roeckx.be
Sat Apr 4 14:08:11 UTC 2015

Previous message: [openssl-dev] removing compression?
Next message: [openssl-dev] removing compression?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 03, 2015 at 07:53:59PM +0000, Salz, Rich wrote:
> 
> And the best practice these days is to do it at the application
> layer, and feed the compressed bytes down to TLS.

The BREACH attack makes use of that.


Kurt

Previous message: [openssl-dev] removing compression?
Next message: [openssl-dev] removing compression?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssl-dev mailing list