Date: Tue, 22 Feb 2022 22:08:03 +0000 From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 251684] www/apache24: enable mod_brotli by default Message-ID: <bug-251684-16115-3GpUJ7ga8y@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-251684-16115@https.bugs.freebsd.org/bugzilla/> References: <bug-251684-16115@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D251684 Rafael Grether <devnull@apt322.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |devnull@apt322.org --- Comment #1 from Rafael Grether <devnull@apt322.org> --- Despite the mod_brotli is supported by the vast majority of current web browsers, some web applications are vulnerable to an information disclosure attack when a TLS connection carries compressed data, according https://httpd.apache.org/docs/trunk/mod/mod_brotli.html So, for security reasons, I think and suggest mantain brotli module disable= d by default. Manually, you can perform a "make config" and check Brotli support. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-251684-16115-3GpUJ7ga8y>