From: muthamilan Sargunaanandan
To: users@httpd.apache.org
Date: Fri, 19 Sep 2014 23:42:04 -0400
Subject: Re: [users@httpd]

Hello Jeff,

Thanks for your support.

Regards
Muthamilan

On Sat, Sep 13, 2014 at 10:05 AM, Jeff Trawick wrote:

> On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan <muthamilan@gmail.com> wrote:
>
>> + I'm using windows2008R2 64bit OS
>>
>> On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan <muthamilan@gmail.com> wrote:
>>
>>> Hello SMEs,
>>>
>>> I'm having an Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t. As per
>>> Vulnerability report, Compression algorithms should be disabled.
>>>
>>> Please help me, how to disable it.
>>>
>>> Thanks in Advance
>>>
>>> Regards
>>> Muthu
>>>
>
> Recommendation: Upgrade to the latest httpd 2.2.X version and use the
> directive "SSLCompression off" (which is the default in the latest version
> anyway).
>
> Alternative, using your level of httpd and OpenSSL: It MAY be possible to
> disable compression with the environment variable setting
> OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t
> supports that (check the source or change log???), and Windows environment
> variable configuration is perhaps error prone depending on how you run
> httpd. If you try this, figure out how to use openssl s_client to check
> for server compression support with/without the environment variable
> setting.
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
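The `openssl s_client` check suggested in the reply, as an added example that is not part of the original thread: it classifies the `Compression:` line of s_client output and treats a failed handshake (which also prints `Compression: NONE`) as inconclusive. The function names `compression_status` and `check_server` are hypothetical, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether the server
# negotiated TLS compression. Samples below are constructed, not captured.

SAMPLE_ZLIB='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression'

SAMPLE_NONE='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE'

# A failed handshake still prints "Compression: NONE"; it proves nothing.
SAMPLE_FAIL='CONNECTED(00000003)
no peer certificate available
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE'

# Reads s_client output on stdin; prints enabled | disabled | unknown.
compression_status() {
    awk '
        /Cipher is \(NONE\)/ { failed = 1 }      # no cipher: handshake failed
        /^Compression:/ {                        # indented session lines skipped
            sub(/^Compression:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")                 # tolerate CRLF output on Windows
            comp = $0; seen = 1
        }
        END {
            if (failed || !seen)     print "unknown"
            else if (comp == "NONE") print "disabled"
            else                     print "enabled"
        }'
}

# $1 = host:port. Needs network access, so it is defined but not called here.
# The openssl client must itself offer compression; a client built without
# zlib reports "disabled" for every server.
check_server() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | compression_status
}

# Offline demo on the constructed samples.
for s in "$SAMPLE_ZLIB" "$SAMPLE_NONE" "$SAMPLE_FAIL"; do
    printf '%s\n' "$s" | compression_status
done
```

Run `check_server` against the server once with and once without the configuration change; only a change from `enabled` to `disabled` shows that the setting took effect.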