What about BREACH (CVE-2013-3587)?

rainer at ultra-secure.de rainer at ultra-secure.de
Tue Feb 4 16:17:26 UTC 2020

Previous message (by thread): Using Yubikey/PKCS11 for Upstream Client Certificates
Next message (by thread): What about BREACH (CVE-2013-3587)?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,


testssl.ch still laments about BREACH, when tested against a recent 
nginx 1.16.

Qualys ssllabs doesn't mention it at all.


Is it fixed?

Can you safely enable gzip on ssl-vhosts?




Best Regards
Rainer

Previous message (by thread): Using Yubikey/PKCS11 for Upstream Client Certificates
Next message (by thread): What about BREACH (CVE-2013-3587)?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the nginx mailing list