X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=apache-mod_ssl.conf;h=f3be5117ced0846eb0e2b24906de1e852540d0b1;hb=c0e515d49e2a06bb23e3a940fbdc37576a1e6db5;hp=0867c277e6694efe9e62d85c6c585862091d4c1a;hpb=39440a58648de1fbbc2c959e6edd63dcdc4f7c28;p=packages%2Fapache.git

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index 0867c27..f3be511 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -18,7 +18,10 @@ LoadModule ssl_module	modules/mod_ssl.so
 # platforms additionally provide a /dev/urandom device which doesn't
 # block. So, if available, use this one instead. Read the mod_ssl User
 # Manual for more details.
-#
+
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+
 #SSLRandomSeed startup file:/dev/random  512
 #SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
@@ -60,6 +63,9 @@ SSLSessionCacheTimeout  300
 #   SSL engine uses internally for inter-process synchronization.
 SSLMutex  file:/var/run/httpd/ssl_mutex
 
+#   Disallow compression on the SSL level. Enabling this allows for CRIME attack!
+SSLCompression off
+
 ##
 ## SSL Virtual Host Context
 ##