This repository has been archived by the owner on Dec 26, 2020. It is now read-only.
Should compression be opt-in? #90
Comments
|
Hi @lpirl, could you please open this issue in the ssh-baseline repository? The settings made in this role are derived from the tests there and this question is much better placed there. |
|
Thanks for the hint @rndmh3ro. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
According to this thread, compression can be vulnerable to CRIME/BREACH attacks (if the encrypted data carries public data as well).
I am not into crypto but I guess compression should be opt-in, at least, shouldn't it?
The text was updated successfully, but these errors were encountered: