on 12-15-2015 2:09 PM
<posted on behalf of customer>
Alert Summary -> System Alerts -> webapplicationservers.protocolprops.compression
As far as I know enabling compression is controversial, at least for HTTPS. Please see CRIME for details.
Is it recommended by SAP to enable compression also for HTTPS, despite the risks?
Otherwise the corresponding check should be adapted to reflect this.
Alert Summary -> System Alerts -> webapplicationservers.protocolprops.compression
I created a JIRA ticket to review this one. ( BITBITOOL-748 ) We'll work with the internal SAP team that supports the various application servers to get their thoughts on this. But its quite possible, as you mentioned, we just need to add an SSL check during the evaluation of this alert.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am checking on this with our security team and will follow up asap
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.