0

I have one server running on Apache 2.2.16. I ran the VA scanner on the server. According to the VA report, it is recommended that SSL/TLS compression be turned off. I tried searching Google but didn't find anything helpful. Can anybody tell me how to turn it off in Apache 2.2.16 without upgrading the version?

NapdaN

3 Answers

2

Sometimes, even with the latest version of Apache, if the current OpenSSL library is not recent enough, the server returns the following error:

Invalid command 'SSLCompression', perhaps misspelled or defined by a module not included in the server configuration. 

In this case you can disable the compression by exporting the following variable before starting the Apache httpd server:

export OPENSSL_NO_DEFAULT_ZLIB=1

I have found the suggestion here:

freedev
1

You'll have to upgrade to at least version 2.2.24 to be able to do this.

From version 2.2.24 and up you can disallow SSL compression on the server level or for individual vhosts with the following directive:

SSLCompression off

So for a single vhost you can disallow it like this:

<VirtualHost *:443>
    ServerName      "my.example.com"
    DocumentRoot    "/var/www/html"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

    # disallow for this vhost (a comment must be on its own line in httpd config)
    SSLCompression off

    SSLCertificateFile      /etc/ssl/my.example.com.crt
    SSLCertificateKeyFile   /etc/ssl/my.example.com.key
</VirtualHost>

Reference: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Mathias R. Jessen
0

I don't have enough points to upvote or comment on other replies, so I'll chime in here. As Mathias states, you need at least 2.2.24 to disable compression.

SSLCompression off

Just be aware, it DOES NOT work inside a virtualhost directive in 2.2.25, as my server just spat out:

This version of openssl does not support configuring compression within <VirtualHost> sections.

However, it works perfectly fine in the main httpd.conf file for server-wide effect.

Caleb
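An added example, not part of any answer above: a shell check that lists every SSLCompression directive in a config together with the scope it sits in, since the answers differ on whether the directive is accepted inside `<VirtualHost>`. The function names and the sample config are constructed for illustration, and files pulled in with Include are not followed.

```shell
#!/bin/sh
# Added example (not from the answers): list every SSLCompression directive in
# an Apache config with the scope it sits in. Included files are not followed.

# audit_sslcompression [FILE]   (reads stdin when FILE is omitted)
# Output: one finding per line, "<verdict> <scope> line <n>", or "MISSING".
# Exit status 0 only when compression is off at server scope and never on.
audit_sslcompression() {
    awk '
        $1 ~ /^#/ { next }                               # skip comment lines
        { d = tolower($1) }                              # directives are case-insensitive
        d ~ /^<virtualhost/   { depth++; next }
        d == "</virtualhost>" { if (depth > 0) depth--; next }
        d == "sslcompression" {
            seen = 1
            scope = (depth > 0) ? "vhost" : "server"
            if (tolower($2) != "off") { verdict = "FAIL"; bad = 1 }
            else if (scope == "vhost") verdict = "WARN"   # some builds reject this scope
            else { verdict = "OK"; server_off = 1 }
            print verdict, scope, "line", NR
        }
        END {
            if (!seen) print "MISSING"
            exit (server_off && !bad) ? 0 : 1
        }
    ' "$@"
}

# Constructed sample config: a server-wide setting plus a per-vhost one.
sample_conf() {
    cat <<'EOF'
ServerName www.example.com
SSLCompression off
<VirtualHost *:443>
    SSLEngine on
    # per-vhost setting
    SSLCompression off
</VirtualHost>
EOF
}

sample_conf | audit_sslcompression
```

A WARN line marks a setting that the third answer reports being refused at startup on 2.2.25; MISSING means the config relies on the build's default or on the `OPENSSL_NO_DEFAULT_ZLIB` workaround from the first answer.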