First of all, thanks for the great work you are doing with Hiawatha!
I recently implemented Hiawatha reverse proxy for a few test websites I am playing with (also running on Hiawatha).
I ran the SSL check for one of the websites, you can see the result here
[www.ssllabs.com]. It says: "This server does not mitigate the CRIME attack. Grade capped to C. "
Apparently, this can be fixed by disabling SSL compression.
Is this possible to do that in Hiawatha? If yes, could you please share how?
Do I have to do that on the reverse proxy and the web server itself as well?
I would really appreciate your help!
thanks a lot,