Ubuntu
apache2 package

  1. Bug #1068854
  2. Comment #8

Comment 8 for bug 1068854

Revision history for this message
In , Vincent (vincent-redhat-bugs) wrote :

GNUTLS-SA-2012-4 notes the CRIME attack:

http://www.gnu.org/software/gnutls/security.html

and indicates that GnuTLS does not enable compression by default. It also indicates that if compression is enabled, use the CBC ciphers which, while not mitigating the attack, make it substantially harder to succeed.