Konstantin,
On 1/21/13 4:25 AM, Konstantin Kolinko wrote:
> 2012/12/22 Rainer Jung :
>> On 21.12.2012 16:37, Christopher Schultz wrote:
>>> All,
>>>
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
>>>
>>> The enhancement request (marked MAJOR) is to allow the APR connector to
>>> conf
2012/12/22 Rainer Jung :
> On 21.12.2012 16:37, Christopher Schultz wrote:
>> All,
>>
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
>>
>> The enhancement request (marked MAJOR) is to allow the APR connector to
>> configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
>>
On 21.12.2012 16:37, Christopher Schultz wrote:
> All,
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
>
> The enhancement request (marked MAJOR) is to allow the APR connector to
> configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
> even when it is supported by th
All,
On 12/21/12 10:37 AM, Christopher Schultz wrote:
> Since this is security-related, my preference is to disable SSL
> compression /by default/ and allow users to specifically enable it if
> necessary. But, this represents a change in default so I figured I'd ask.
One more note which reverses
All,
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
The enhancement request (marked MAJOR) is to allow the APR connector to
configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
even when it is supported by the client. This prevents CRIME attacks.
My question is whether
