Re:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan <muthamilan@xxxxxxxxx> wrote:
+ I'm using windows2008R2 64bit OS

On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan <muthamilan@xxxxxxxxx> wrote:
Hello SMEs,

I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As per Vulnerability report, Compression algorithms should be disabled.

Please help me , how to disable it.

Thanks in Advance

Regards
Muthu


Recommendation:  Upgrade to the latest httpd 2.2.X version and use the directive "SSLCompression off" (which is the default in the latest version anyway).

Alternative, using your level of httpd and OpenSSL: It MAY be possible to disable compression with the the environment variable setting OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t supports that (check the source or change log???), and Windows environment variable configuration is perhaps error prone depending on how you run httpd.  If you try this, figure out how to use openssl s_client to check for server compression support with/without the environment variable setting.


--
Born in Roswell... married an alien...
http://emptyhammock.com/

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux