From: | Michael Orlitzky <mjo@g.o> | ||
---|---|---|---|
To: | gentoo-user@l.g.o | ||
Subject: | Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected | ||
Date: | Mon, 28 Apr 2014 23:58:21 | ||
Message-Id: | 535EEB10.1000906@gentoo.org | ||
In Reply to: | Re: [gentoo-user] Heartbleed - using openssl-0.9.8y and affected by Joseph |
1 | On 04/28/2014 12:02 PM, Joseph wrote: |
2 | > |
3 | > I'm using apache-2.2.25 |
4 | > Which file contain setting for: SSLCompression |
5 | > I'm trying to turn it off. |
6 | > |
7 | |
8 | It's on by default in apache-2.2. Place the following somewhere in |
9 | 40_mod_ssl.conf, between "<IfModule ssl_module>" and "</IfModule>": |
10 | |
11 | # Disable CRIME attack (off by default in apache-2.4) |
12 | SSLCompression off |