Am 28.11.2015 um 17:56 schrieb Henrick Hellström:
AFAIK, HTTP 1.1 browsers typically don't send a new request over an
open connection, before it has received the response to the previous
request. If that is the case, it is trivial to get the message lengths
from the traffic, with or without encrypted TLS record headers. IOW
you gain nothing by encrypting the length fields.
I think this is what browsers do by default. For HTTP2 this should be
different.
Regards,
Roland
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
