Comment by Animats
11 years ago
Since SSL doesn't hide the length of the encrypted document, an attacker can make a good guess as to what public static content is being read.
11 years ago
Since SSL doesn't hide the length of the encrypted document, an attacker can make a good guess as to what public static content is being read.
Out of curiosity, does keeping connections alive help at all with this? Would an effective defense be embedding variable-length chunks of nonce in each header?