httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [users@httpd]
Date Sat, 13 Sep 2014 14:05:42 GMT
On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan <
muthamilan@gmail.com> wrote:

> + I'm using windows2008R2 64bit OS
>
> On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan <
> muthamilan@gmail.com> wrote:
>
>> Hello SMEs,
>>
>> I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As
>> per Vulnerability report, Compression algorithms should be disabled.
>>
>> Please help me , how to disable it.
>>
>> Thanks in Advance
>>
>> Regards
>> Muthu
>>
>
>
Recommendation:  Upgrade to the latest httpd 2.2.X version and use the
directive "SSLCompression off" (which is the default in the latest version
anyway).

Alternative, using your level of httpd and OpenSSL: It MAY be possible to
disable compression with the the environment variable setting
OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t
supports that (check the source or change log???), and Windows environment
variable configuration is perhaps error prone depending on how you run
httpd.  If you try this, figure out how to use openssl s_client to check
for server compression support with/without the environment variable
setting.


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message