httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel <dferra...@gmail.com>
Subject Re: [users@httpd] SSL Compression
Date Wed, 18 Mar 2015 14:59:44 GMT
There is an exception, you can only use that directive in server config,
that's why I asked about the context.

If you set that up inside a virtualhost, it will probably will give you
issues.

-- 
*Daniel Ferradal*
IT Specialist

email         dferradal@gmail.com
linkedin     es.linkedin.com/in/danielferradal

2015-03-16 5:48 GMT+01:00 Cathy Fauntleroy <cathy.fauntleroy@vdtg.com>:

> Daniel,
>
>
>
> Thanks for the response.  I am running OpenSSL 0.9.8.  I am attempting to
> secure TLS compression and mitigate the CRIME vulnerability by adding the
> following directive to the httpd.conf file:
>
>
>
> Implementation on Apache HTTP Server (mod_ssl)
>
> The following configuration block can be used in Apache HTTP Server
> 2.2+/2.4+ with mod_ssl. However, there is an exception of being able to
> turn off TLS/SSL Compression as this is only possible Apache HTTP Server
> 2.2.24/2.4.3+ using the SSLCompression directive.
>
>
>
> SSLProtocol ALL -SSLv2 -SSLv3
>
> SSLHonorCipherOrder On
>
> SSLCipherSuite ECDH+AESGCM
> :DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3
> DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
>
> SSLCompression Off
>
> I am
>
>
>
> Thanks…
>
> *Cathy Fauntleroy,* *Security+*
>
> *Van Dyke Technology Group*
>
> *Email:**  cathy.fauntleroy@vdtg.com <cathy.fauntleroy@vdtg.com>*
>
> *Office:  (443) 832-4768 <%28443%29%20832-4768>*
>
>
>
> *From:* Daniel [mailto:dferradal@gmail.com]
> *Sent:* Saturday, March 14, 2015 7:24 PM
> *To:* <users@httpd.apache.org>
> *Subject:* Re: [users@httpd] SSL Compression
>
>
>
>
>
>
>
> 2015-03-14 15:02 GMT+01:00 Cathy Fauntleroy <cathy.fauntleroy@vdtg.com>:
>
> Hello Everyone,
>
>
>
> I have Apache 2.2.24 installed and I am attempting to disable
> compression.  I am editing the httpd.conf file and adding ‘SSLCompression
> Off’.  When I do that, the Apache service does not start.  The system log
> does not register any meaningful error.  Has anyone encountered this before?
>
>
>
> Thanks…
>
> *Cathy Fauntleroy,* *Security+*
>
> *Van Dyke Technology Group*
>
> *Email:**  cathy.fauntleroy@vdtg.com <cathy.fauntleroy@vdtg.com>*
>
> *Office:  (443) 832-4768 <%28443%29%20832-4768>*
>
>
>
>
>
> In which context are you trying to use it? Which openssl version do you
> use?
>
>
>
> --
>
> *Daniel Ferradal*
>
> IT Specialist
>
>
>
> email         dferradal@gmail.com
>
> linkedin     es.linkedin.com/in/danielferradal
>

Mime
View raw message