|
Title: Fix website TLS Post by: moni3z on January 26, 2014, 12:02:51 AM Possible if you could fix your TLS to disable the CRIME attack (disable TLS compression), and enable TLSv1.2 or at least TLSv1.1 ?
Weak DES ciphers like TLS_RSA_WITH_DES_CBC_SHA and TLS_DHE_RSA_WITH_DES_CBC_SHA should be blacklisted/not supported as well. Of course most browsers disable compression but might as well prevent it server side as well, no reason to have it on. |