
Уколов Алексей (alexey_m_ukolov)

February 12, 2016, 19:24

However, in practice, you... «High Performance Browser Networking: What every web developer should know about networking and web performance»

However, in practice, you should disable TLS compression on your server for several reasons: The “CRIME” attack, published in 2012, leverages TLS compression to recover secret authentication cookies and allows the attacker to perform session hijacking. Transport-level TLS compression is not content aware and will end up attempting to recompress already compressed data (images, video, etc.). Double compression will waste CPU time on both the server and the client, and the security breach implications are quite serious: disable TLS compression.
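The two reasons given in the quote, as an added Python example that is not from the book: it measures what a second, content-unaware DEFLATE pass gains on data that is already compressed, and it builds a server-side `ssl.SSLContext` with TLS compression turned off and checks the setting. The sample text, the function names and the use of zlib as a stand-in for TLS-level DEFLATE are assumptions made for the illustration.

```python
import random
import ssl
import zlib


def sample_text(n_words=20000, seed=0):
    """Constructed, deterministic stand-in for a compressible text response."""
    vocab = ["GET", "POST", "cookie", "session", "index.html", "200", "404",
             "Mozilla", "gzip", "deflate", "Accept", "Host", "image", "video"]
    rng = random.Random(seed)
    return " ".join(rng.choice(vocab) for _ in range(n_words)).encode()


def double_compression_sizes(payload):
    """Return (raw, once, twice) sizes in bytes.

    `once` models content the application already compressed (gzip'd body,
    image, video); `twice` models a content-unaware transport layer running
    DEFLATE over that output again.
    """
    once = zlib.compress(payload, 6)
    twice = zlib.compress(once, 6)
    return len(payload), len(once), len(twice)


def compression_disabled(ctx):
    """True if the context refuses to negotiate TLS-level compression."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def hardened_server_context():
    """Server-side context with TLS compression explicitly turned off.

    Certificate loading is left out here; a real server must also call
    load_cert_chain() before accepting connections.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    raw, once, twice = double_compression_sizes(sample_text())
    print(f"raw={raw}  compressed once={once}  compressed twice={twice}")
    print("TLS compression disabled:",
          compression_disabled(hardened_server_context()))
```

The second pass spends CPU time and leaves the payload essentially the same size, while application-level compression of the text itself still pays off.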