Disable compression on the SSL level (CRIME attack).

author Patryk Szczyglowski <patryk@patryk.net>

Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)

committer Patryk Szczyglowski <patryk@patryk.net>

Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)
author Patryk Szczyglowski <patryk@patryk.net>
Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)
committer Patryk Szczyglowski <patryk@patryk.net>
Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf

index 0867c277e6694efe9e62d85c6c585862091d4c1a..3f76e7e986847559b21aaf53e619967998ba075b 100644 (file)
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -60,6 +60,9 @@ SSLSessionCacheTimeout  300
  #   SSL engine uses internally for inter-process synchronization.
  SSLMutex  file:/var/run/httpd/ssl_mutex
  
+#   Disallow compression on the SSL level. Enabling this allows for CRIME attack!
+SSLCompression off
+
  ##
  ## SSL Virtual Host Context
  ##
author	Patryk Szczyglowski <patryk@patryk.net>
	Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)
committer	Patryk Szczyglowski <patryk@patryk.net>
	Sat, 30 Mar 2013 20:04:40 +0000 (21:04 +0100)