[packages/apache/APACHE_2_2] Disable compression on the SSL level (CRIME attack).
psz
psz at pld-linux.org
Sat Mar 30 21:05:29 CET 2013
commit 77cad01332428ecdc899405cde1e758bdc5279e5
Author: Patryk Szczyglowski <patryk at patryk.net>
Date: Sat Mar 30 21:04:40 2013 +0100
Disable compression on the SSL level (CRIME attack).
apache-mod_ssl.conf | 3 +++
1 file changed, 3 insertions(+)
---
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index 0867c27..3f76e7e 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -60,6 +60,9 @@ SSLSessionCacheTimeout 300
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/run/httpd/ssl_mutex
+# Disallow compression on the SSL level. Enabling this allows for CRIME attack!
+SSLCompression off
+
##
## SSL Virtual Host Context
##
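Review bot: The added comment above `SSLCompression off` is ambiguous, because "Enabling this" directly follows "Disallow compression" and can be read as referring to the setting itself. Something like `# Keep TLS-level compression off; with it on, ciphertext length can leak secrets such as session cookies (CRIME).` makes clear which state is the risky one. The directive sits before the "SSL Virtual Host Context" header, so it applies server-wide, which is the right scope for this hardening. `SSLCompression` only exists from httpd 2.2.24 onward, and an unknown directive makes configuration parsing fail, so the package should require at least that version; the spec file is not visible here, so this needs confirming. The setting covers TLS-level compression only, and HTTP body compression (for example via mod_deflate) is configured separately.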
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/77cad01332428ecdc899405cde1e758bdc5279e5