[Bug 1068854] Re: Support option to disable TLS compression to protect against CRIME attack
Reed Loden
reed at reedloden.com
Fri Oct 19 21:17:50 UTC 2012
Note that Red Hat already supports a workaround [0] that allows for
disabling zlib at the OpenSSL layer, which prevents TLS compression
working in Apache. As far as I am aware, no such option exists for
Ubuntu, leaving users vulnerable until a new package is available.
[0] https://bugzilla.redhat.com/show_bug.cgi?id=857051#c5
** Bug watch added: Red Hat Bugzilla #857051
https://bugzilla.redhat.com/show_bug.cgi?id=857051
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to protect against CRIME
attack
To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1068854/+subscriptions
More information about the Ubuntu-server-bugs
mailing list