[openssl-users] [openssl-dev] removing compression?

Kurt Roeckx kurt at roeckx.be
Sat Apr 4 14:08:11 UTC 2015


On Fri, Apr 03, 2015 at 07:53:59PM +0000, Salz, Rich wrote:
> 
> And the best practice these days is to do it at the application
> layer, and feed the compressed bytes down to TLS.

The BREACH attack makes use of that.


Kurt



More information about the openssl-users mailing list