• caglararli@hotmail.com
  • 05386281520

CRIME and BREACH attacks, HTTP/2 and HTTP/3

Çağlar Arlı      -    49 Views

CRIME and BREACH attacks, HTTP/2 and HTTP/3

I have been reading on CRIME and BREACH attacks and I want to learn better how to protect against them.

From what I understood, those attacks require TLS encryption over HTTP compression and HTTP content reflecting an user input.

HTTP/2 uses HPACK and HTTP/3 uses QPACK header compressions, which are secure against CRIME and BREACH. If my secret data is only inside headers, does that mean that I can safely use compression on the whole request / response, with HTTP/2 or HTTP/3?