httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From muthamilan Sargunaanandan <muthami...@gmail.com>
Subject Re: [users@httpd]
Date Sat, 20 Sep 2014 03:42:04 GMT
Hello Jeff,

Thanks for your support.


Regards
Muthamilan


On Sat, Sep 13, 2014 at 10:05 AM, Jeff Trawick <trawick@gmail.com> wrote:

> On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan <
> muthamilan@gmail.com> wrote:
>
>> + I'm using windows2008R2 64bit OS
>>
>> On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan <
>> muthamilan@gmail.com> wrote:
>>
>>> Hello SMEs,
>>>
>>> I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As
>>> per Vulnerability report, Compression algorithms should be disabled.
>>>
>>> Please help me , how to disable it.
>>>
>>> Thanks in Advance
>>>
>>> Regards
>>> Muthu
>>>
>>
>>
> Recommendation:  Upgrade to the latest httpd 2.2.X version and use the
> directive "SSLCompression off" (which is the default in the latest version
> anyway).
>
> Alternative, using your level of httpd and OpenSSL: It MAY be possible to
> disable compression with the the environment variable setting
> OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t
> supports that (check the source or change log???), and Windows environment
> variable configuration is perhaps error prone depending on how you run
> httpd.  If you try this, figure out how to use openssl s_client to check
> for server compression support with/without the environment variable
> setting.
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>

Mime
View raw message