Forum Discussion
4 Replies
this isn't really something for F5 the solve, it is a general issue with SSL and unless someone comes up with something smart it might be an issue for a long time. check http://breachattack.com/ for other possible solutions.
- JGCumulonimbus
I see that compression for SSL is still recommended by default in a deployment guide such as http://www.f5.com/pdf/deployment-guides/microsoft-exchange-iapp-dg.pdf .
- JGCumulonimbus
[duplicate deleted.]
looking at it again the attack isn't that simple. do the three requirements even apply to exchange?
static content can still be compressed apparently, the iapp only compresses some of the content, is that only static perhaps?
i still don't feel F5 is the one to "fix" this. if you feel differently why not open a support ticket and explain them how to do that.
if the site of the discoverers is correct then adding random amounts of data to responses is also a workaround. that should be possible with an iRule, so in that way you even have a mitigation available with a BIG-IP.