IngramChen 1 point

That's TLS compression, isn't it?

gzip is fine.

yllan 1 point
BREACH

While CRIME was mitigated by disabling TLS/SPDY compression (and by modifying gzip to allow for explicit separation of compression contexts in SPDY), BREACH attacks HTTP responses. It is important to note that the attack is agnostic to the version of TLS/SSL, and does not require TLS-layer compression. Additionally, the attack works against any cipher suite.

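But after taking a closer look, its condition is that the HTTP body has to contain both a secret and user-generated data, so ordinary JSON that doesn't meet those conditions is indeed fine.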
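
The condition discussed above, as an added example that is not part of the thread: it measures how much the gzip-compressed length of a response depends on whether reflected input equals a secret, for a body that has both, one that has only the secret, and one that has only the input. The token value, the response templates and all function names are constructed for illustration.

```python
import zlib

# Constructed sample values; not taken from any real application.
SECRET = "9f3c1a7e5b2d8046c1e7a93b5d20f468"  # stands in for a CSRF token
WRONG = SECRET[::-1]  # same length and same characters, different order

def page_with_secret_and_input(user_input):
    # Both BREACH preconditions: reflected input and a secret in one body.
    return ('<html><body><p>Results for: ' + user_input + '</p>'
            '<form method="post"><input type="hidden" name="csrf" value="'
            + SECRET + '"></form></body></html>')

def json_with_secret_only(user_input):
    # The input is accepted but never echoed into the body.
    return '{"status":"ok","csrf":"' + SECRET + '","items":[1,2,3]}'

def json_with_input_only(user_input):
    # The input is echoed, but the body carries no secret.
    return '{"status":"ok","query":"' + user_input + '","items":[1,2,3]}'

def compressed_len(body):
    # DEFLATE as used by gzip / Content-Encoding; TLS compression is not involved.
    return len(zlib.compress(body.encode(), 9))

def length_gap(render):
    """Bytes saved when the reflected input equals SECRET instead of WRONG."""
    return compressed_len(render(WRONG)) - compressed_len(render(SECRET))

def report():
    renderers = (page_with_secret_and_input,
                 json_with_secret_only,
                 json_with_input_only)
    return {r.__name__: length_gap(r) for r in renderers}

if __name__ == "__main__":
    for name, gap in report().items():
        print(f"{name}: length gap = {gap} bytes")
```

Only the first template shows a clear gap, because only there can the compressor replace the reflected input with a back-reference to the secret; the ciphertext length observed on the wire follows the compressed length regardless of TLS version or cipher suite.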