Frank Liu
February 04, 2020 05:46PM
This is documented. Quote from
http://nginx.org/en/docs/http/ngx_http_gzip_module.html

*When using the SSL/TLS protocol, compressed responses may be subject to
BREACH https://en.wikipedia.org/wiki/BREACH attacks. *

On Tue, Feb 4, 2020 at 1:35 PM Rainer Duffner <rainer@ultra-secure.de>
wrote:

>
>
> Am 04.02.2020 um 21:38 schrieb J.R. <themadbeaker@gmail.com>:
>
> I think you are confusing TLS compression with HTTP compression...
>
>
>
>
> Probably.
> I read that later somewhere else.
>
> I just wonder why it’s lumped-in in testssl.sh.
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

What about BREACH (CVE-2013-3587)?

Anonymous User February 04, 2020 11:18AM

Re: What about BREACH (CVE-2013-3587)?

J.R. February 04, 2020 03:46PM

Re: What about BREACH (CVE-2013-3587)?

Rainer Duffner February 04, 2020 04:36PM

Re: What about BREACH (CVE-2013-3587)?

Frank Liu February 04, 2020 05:46PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 67
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready