From: Patryk Szczyglowski Date: Sat, 30 Mar 2013 20:04:40 +0000 (+0100) Subject: Disable compression on the SSL level (CRIME attack). X-Git-Tag: auto/th/apache-2.2.24-2~2 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=77cad01332428ecdc899405cde1e758bdc5279e5;p=packages%2Fapache.git Disable compression on the SSL level (CRIME attack). --- diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf index 0867c27..3f76e7e 100644 --- a/apache-mod_ssl.conf +++ b/apache-mod_ssl.conf @@ -60,6 +60,9 @@ SSLSessionCacheTimeout 300 # SSL engine uses internally for inter-process synchronization. SSLMutex file:/var/run/httpd/ssl_mutex +# Disallow compression on the SSL level. Enabling this allows for CRIME attack! +SSLCompression off + ## ## SSL Virtual Host Context ##
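Review bot: the comment added above `SSLCompression off` is ambiguous. "Enabling this" sits directly over a directive that is set to off, so a reader can take "this" to mean the directive rather than compression. Something like `# Disable TLS-level compression; leaving it enabled exposes sessions to the CRIME attack.` says the same thing without the ambiguity. The placement is right: the directive goes in the global section, ahead of the "SSL Virtual Host Context" marker, so it covers every virtual host. It would help to say so in the comment, so nobody later moves it into a single vhost block. One packaging point: a mod_ssl build that does not know `SSLCompression` rejects the configuration at startup, so this config file should only ship with a build that has the directive (the tag on this commit, apache-2.2.24-2, suggests that is the intent).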