Ubuntu
apache2 package

Comment 35 for bug 1068854

Revision history for this message

In Apache Software Foundation Bugzilla #53219, Reed Loden (reed) wrote on 2012-09-13:

#35

(In reply to comment #5)
> Leaving open for possible back port to 2.2.

Considering the potential of abuse of SSL/TLS compression by the new CRIME attack (https://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312), can this back port request be prioritized and completed so folks can easily disable SSL/TLS compression if needed? Thanks!