How can you disable SSL compression on Resin?


I'm trying to disable SSL compression on my Resin 4.0.35 Pro server because of the CRIME vulnerability (https://isecpartners.com/blog/2012/september/details-on-the-crime-attack.aspx), but I'm just not sure how to do it. I don't see any options in the XML configuration which would turn that off.

I am using OpenSSL with Resin.

Thanks.

Best answer

Try setting the compression attribute inside the openssl tag.

  <openssl>
    <certificate-file>...</certificate-file>
    <certificate-key-file>...</certificate-key-file>
    <password>...</password>
    <compression>false</compression>
  </openssl>

Acceptable values are 'true' and 'false'.

The 'compression' attribute was introduced in 4.0.37 (see http://bugs.caucho.com/view.php?id=5435).
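A configuration audit for the setting described in the answer, as an added example that is not part of the original question or answer: it walks a Resin config, finds every openssl block, and reports whether compression is explicitly disabled, taking into account that the answer says the setting only exists from 4.0.37 on. The function names, status strings and sample config are constructed for illustration, and checking the XML attribute form alongside the child element is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Per the answer above, 'compression' is only available from Resin 4.0.37 on.
MIN_VERSION = (4, 0, 37)

# Constructed sample config (not from the page): one block with the setting, one without.
SAMPLE = """<resin xmlns="http://caucho.com/ns/resin">
  <http port="8443">
    <openssl>
      <certificate-file>keys/a.crt</certificate-file>
      <certificate-key-file>keys/a.key</certificate-key-file>
      <compression>false</compression>
    </openssl>
  </http>
  <http port="9443">
    <openssl>
      <certificate-file>keys/b.crt</certificate-file>
      <certificate-key-file>keys/b.key</certificate-key-file>
    </openssl>
  </http>
</resin>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_openssl_blocks(xml_text, resin_version):
    """Return one status per <openssl> block, in document order."""
    version = tuple(int(p) for p in re.findall(r"\d+", resin_version)[:3])
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "openssl":
            continue
        # Child-element form as shown in the answer; attribute form is an assumption.
        values = [c.text for c in elem if local(c.tag) == "compression"]
        if elem.get("compression") is not None:
            values.append(elem.get("compression"))
        if version < MIN_VERSION:
            results.append("unsupported-version")  # upgrade before relying on the setting
        elif not values:
            results.append("not-set")  # default is not stated on the page; review manually
        elif all((v or "").strip().lower() == "false" for v in values):
            results.append("disabled")
        else:
            results.append("enabled")
    return results

if __name__ == "__main__":
    print(audit_openssl_blocks(SAMPLE, "4.0.35"))
    print(audit_openssl_blocks(SAMPLE, "4.0.37"))
```

On the asker's 4.0.35 every block is reported as unsupported-version, which is the practical consequence of the answer's last line.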