How can you disable SSL compression on Resin?

I'm trying to disable SSL compression on my Resin 4.0.35 Pro server because of the CRIME vulnerability (https://isecpartners.com/blog/2012/september/details-on-the-crime-attack.aspx), but I'm just not sure how to do it. I don't see any options in the XML configuration that would turn that off.

I am using OpenSSL with Resin.

Thanks.

3
Incarnate1970th On BEST ANSWER

Try setting the compression attribute inside the openssl tag.

  <openssl>
    <certificate-file>...</certificate-file>
    <certificate-key-file>...</certificate-key-file>
    <password>...</password>
    <compression>false</compression>
  </openssl>

Acceptable values are 'true' and 'false'.

The 'compression' attribute was introduced in 4.0.37 (see http://bugs.caucho.com/view.php?id=5435).
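
To confirm that the setting took effect, you can offer DEFLATE in a ClientHello and read back the compression method the server selects in its ServerHello (0 is null, 1 is DEFLATE per RFC 3749). The following is an added example, not part of the original answer and not Caucho's code; all function names are hypothetical, and the sample ServerHello is constructed rather than captured.

```python
import os
import socket

NAMES = {0: "null (compression off)", 1: "DEFLATE (compression on)"}

def _record(msg_type, body, version=b"\x03\x03"):
    """Wrap a handshake body in handshake and TLS record headers."""
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + version + len(handshake).to_bytes(2, "big") + handshake

def build_client_hello(methods=(1, 0)):
    """Minimal TLS 1.2 ClientHello offering DEFLATE (1) and null (0).
    It has no extensions, so a server that insists on SNI replies with an alert."""
    suites = bytes.fromhex("c02f009c002f0035")
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"
            + len(suites).to_bytes(2, "big") + suites
            + bytes([len(methods)]) + bytes(methods))
    return _record(0x01, body, version=b"\x03\x01")

def sample_server_hello(method, session_id=b"\xaa" * 32):
    """Constructed ServerHello for offline checks (not captured traffic)."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x2f" + bytes([method]))
    return _record(0x02, body)

def selected_compression(record):
    """Return the compression method ID the server chose in its ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello (alert, other message, or truncated)")
    pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
    if pos >= len(record):
        raise ValueError("truncated ServerHello")
    pos += 1 + record[pos] + 2        # session_id length + id, then cipher_suite
    if pos >= len(record):
        raise ValueError("truncated ServerHello")
    return record[pos]

def probe(host, port=443, timeout=5.0):
    """Ask a server you administer which compression method it selects."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    method = selected_compression(data)
    return NAMES.get(method, f"unknown method {method}")
```

With `<compression>false</compression>` in effect, `probe()` against your own listener should report the null method even though DEFLATE was offered first.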