Hello Jeff, Thanks for your support.
Regards Muthamilan On Sat, Sep 13, 2014 at 10:05 AM, Jeff Trawick <traw...@gmail.com> wrote: > On Fri, Sep 12, 2014 at 6:03 PM, muthamilan Sargunaanandan < > muthami...@gmail.com> wrote: > >> + I'm using windows2008R2 64bit OS >> >> On Fri, Sep 12, 2014 at 5:53 PM, muthamilan Sargunaanandan < >> muthami...@gmail.com> wrote: >> >>> Hello SMEs, >>> >>> I'm having a Apache version httpd-2.2.22-win32-x86-openssl-0.9.8t.As >>> per Vulnerability report, Compression algorithms should be disabled. >>> >>> Please help me , how to disable it. >>> >>> Thanks in Advance >>> >>> Regards >>> Muthu >>> >> >> > Recommendation: Upgrade to the latest httpd 2.2.X version and use the > directive "SSLCompression off" (which is the default in the latest version > anyway). > > Alternative, using your level of httpd and OpenSSL: It MAY be possible to > disable compression with the the environment variable setting > OPENSSL_NO_DEFAULT_ZLIB=yes, but I'm not 100% sure that OpenSSL 0.9.8t > supports that (check the source or change log???), and Windows environment > variable configuration is perhaps error prone depending on how you run > httpd. If you try this, figure out how to use openssl s_client to check > for server compression support with/without the environment variable > setting. > > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > >
