Archives
Archives
| From: | Michael Orlitzky <mjo@g.o> | ||
|---|---|---|---|
| To: | gentoo-user@l.g.o | ||
| Subject: | Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected | ||
| Date: | Mon, 28 Apr 2014 23:58:21 | ||
| Message-Id: | 535EEB10.1000906@gentoo.org | ||
| In Reply to: | Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected by Joseph |
||
| 1 | On 04/28/2014 12:02 PM, Joseph wrote: |
| 2 | > |
| 3 | > I'm using apache-2.2.25 |
| 4 | > Which file contain setting for: SSLCompression |
| 5 | > I'm trying to turn it off. |
| 6 | > |
| 7 | |
| 8 | It's on by default in apache-2.2. Place the following somewhere in |
| 9 | 40_mod_ssl.conf, between "<IfModule ssl_module>" and "</IfModule>": |
| 10 | |
| 11 | # Disable CRIME attack (off by default in apache-2.4) |
| 12 | SSLCompression off |