From: Eric Covener <covener@apache.org>
Date: Mon, 26 Aug 2013 16:11:22 +0000 (+0000)
Subject: add a warning about BREACH to the first two sample configurations.
X-Git-Tag: 2.5.0-alpha~5147
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0d0986770c3345a16983bbe519aae7121587b7b2;p=apache

add a warning about BREACH to the first two sample configurations.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1517589 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_deflate.xml b/docs/manual/mod/mod_deflate.xml
index 783ca9c281..a8da0c2455 100644
--- a/docs/manual/mod/mod_deflate.xml
+++ b/docs/manual/mod/mod_deflate.xml
@@ -38,6 +38,11 @@ client</description>
 <seealso><a href="../filter.html">Filters</a></seealso>
 
 <section id="recommended"><title>Sample Configurations</title>
+    <note type="warning"><title>Compression and TLS</title>
+        <p>Some web applications are vulnerable to an information disclosure
+        attack when a TLS connection carries deflate compressed data. For more
+        information, review the details of the "BREACH" family of attacks.</p>
+    </note>
     <p>This is a simple configuration that compresses common text-based content types.</p>
 
     <example><title>Compress only a few types</title>
@@ -49,6 +54,11 @@ client</description>
 </section>
 
 <section id="enable"><title>Enabling Compression</title>
+    <note type="warning"><title>Compression and TLS</title>
+        <p>Some web applications are vulnerable to an information disclosure
+        attack when a TLS connection carries deflate compressed data. For more
+        information, review the details of the "BREACH" family of attacks.</p>
+    </note>
 
     <section id="output"><title>Output Compression</title>
       <p>Compression is implemented by the <code>DEFLATE</code>