Forum Discussion

JG
Jan 27, 2014

sol14634: SSL / TLS BREACH vulnerability - CVE-2013-3587: When is this going to be fixed?

We disabled compression as a result of the vulnerability as described in "sol14634: SSL / TLS BREACH vulnerability - CVE-2013-3587", last August.

I wonder if the issue has been fixed, and if not, how much more time it is going to need for the issue to be resolved.

We have paid a lot for the licence to use this feature, and need to justify further spend on it.

4 Replies

  • This isn't really something for F5 to solve; it is a general issue with SSL, and unless someone comes up with something smart it might be an issue for a long time. Check http://breachattack.com/ for other possible solutions.

  • Looking at it again, the attack isn't that simple. Do the three requirements even apply to Exchange?

    Static content can still be compressed apparently; the iApp only compresses some of the content. Is that only static perhaps?

    I still don't feel F5 is the one to "fix" this. If you feel differently, why not open a support ticket and explain to them how to do that.

    If the site of the discoverers is correct, then adding random amounts of data to responses is also a workaround. That should be possible with an iRule, so in that way you even have a mitigation available with a BIG-IP.
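
The "random amounts of data" workaround from the last reply, modelled as an added example that is not part of the thread and is not an iRule: a Python sketch that appends a random-length HTML comment to a response body and compares the compressed sizes an observer would see with and without it. The names `pad_body`, `observed_sizes`, `MAX_PAD` and the sample page are assumptions made for illustration.

```python
import secrets
import zlib

MAX_PAD = 64  # assumed cap on random filler bytes; not a value from the thread


def pad_body(body: bytes, max_pad: int = MAX_PAD) -> bytes:
    """Append an HTML comment holding a random amount of random hex text."""
    n = secrets.randbelow(max_pad + 1)      # 0..max_pad bytes of entropy
    filler = secrets.token_hex(n).encode()  # 2*n hex characters
    return body + b"<!--" + filler + b"-->"


def compressed_len(body: bytes) -> int:
    """Size of the body after DEFLATE, standing in for HTTP compression."""
    return len(zlib.compress(body))


def observed_sizes(body: bytes, padded: bool, samples: int = 200) -> set:
    """Distinct compressed sizes seen when the same page is served repeatedly."""
    return {
        compressed_len(pad_body(body) if padded else body)
        for _ in range(samples)
    }


# Constructed sample page, not taken from any real application.
SAMPLE = b"<html><body><form><input name='q' value='hello'></form></body></html>"

if __name__ == "__main__":
    plain = observed_sizes(SAMPLE, padded=False)
    noisy = observed_sizes(SAMPLE, padded=True)
    print("unpadded sizes:", sorted(plain))
    print("padded sizes:  ", min(noisy), "to", max(noisy), f"({len(noisy)} distinct)")
```

The filler is random text so that it survives compression and actually moves the on-wire size; padding adds noise to the response length rather than removing its dependence on content, so it works best alongside the other options listed on breachattack.com.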