On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan < muthami...@gmail.com> wrote:
> + I'm using windows2008R2 64bit OS > > On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan < > muthami...@gmail.com> wrote: > >> Hello SMEs, >> >> I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As >> per Vulnerability report, Compression algorithms should be disabled. >> >> Please help me , how to disable it. >> >> Thanks in Advance >> >> Regards >> Muthu >> > > Recommendation: Upgrade to the latest httpd 2.2.X version and use the directive "SSLCompression off" (which is the default in the latest version anyway). Alternative, using your level of httpd and OpenSSL: It MAY be possible to disable compression with the the environment variable setting OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t supports that (check the source or change log???), and Windows environment variable configuration is perhaps error prone depending on how you run httpd. If you try this, figure out how to use openssl s_client to check for server compression support with/without the environment variable setting. -- Born in Roswell... married an alien... http://emptyhammock.com/
