disable ssl compression to mitigate the BEAST attack
Bug #1073603 reported by
seph
This bug report is a duplicate of:
Bug #1068854: Support option to disable TLS compression to protect against CRIME attack.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apache2 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Apache 2.2 is vulnerable to the CRIME attack. While modern browsers are not vulnerable to this. older browsers are. And various compliance scans will check for it.
Apache's bug report -- https:/
| information type: | Private Security → Public Security |
Revision history for this message
| Robie Basak (racb) wrote | #1 |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1068854, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.