httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cathy Fauntleroy" <cathy.fauntle...@vdtg.com>
Subject RE: [users@httpd] SSL Compression
Date Mon, 16 Mar 2015 04:48:47 GMT
Daniel,

 

Thanks for the response.  I am running OpenSSL 0.9.8.  I am attempting to secure TLS compression
and mitigate the CRIME vulnerability by adding the following directive to the httpd.conf file:

 

Implementation on Apache HTTP Server (mod_ssl)

The following configuration block can be used in Apache HTTP Server 2.2+/2.4+ with mod_ssl.
However, there is an exception of being able to turn off TLS/SSL Compression as this is only
possible Apache HTTP Server 2.2.24/2.4.3+ using the SSLCompression directive.

 

SSLProtocol ALL -SSLv2 -SSLv3

SSLHonorCipherOrder On

SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

SSLCompression Off

I am

 

Thanks…



Cathy Fauntleroy, Security+

Van Dyke Technology Group

Email:   <mailto:cathy.fauntleroy@vdtg.com> cathy.fauntleroy@vdtg.com

Office:  (443) 832-4768

 

From: Daniel [mailto:dferradal@gmail.com] 
Sent: Saturday, March 14, 2015 7:24 PM
To: <users@httpd.apache.org>
Subject: Re: [users@httpd] SSL Compression

 

 

 

2015-03-14 15:02 GMT+01:00 Cathy Fauntleroy <cathy.fauntleroy@vdtg.com <mailto:cathy.fauntleroy@vdtg.com>
>:

Hello Everyone,

 

I have Apache 2.2.24 installed and I am attempting to disable compression.  I am editing the
httpd.conf file and adding ‘SSLCompression Off’.  When I do that, the Apache service does
not start.  The system log does not register any meaningful error.  Has anyone encountered
this before?

 

Thanks…

Cathy Fauntleroy, Security+

Van Dyke Technology Group

Email:  cathy.fauntleroy@vdtg.com <mailto:cathy.fauntleroy@vdtg.com> 

Office:  (443) 832-4768 <tel:%28443%29%20832-4768> 

 



In which context are you trying to use it? Which openssl version do you use?



 

-- 

Daniel Ferradal

IT Specialist

 

email          <mailto:dferradal@gmail.com> dferradal@gmail.com

linkedin      <http://es.linkedin.com/in/danielferradal> es.linkedin.com/in/danielferradal


Mime
View raw message