How can you disable SSL compression on Resin?

StackOverflow https://stackoverflow.com/questions/23436653

  •  14-07-2023
  •  | 
  •  

Pregunta

I'm trying to disable SSL compression on my Resin 4.0.35 pro server because of the CRIME vulnerability https://isecpartners.com/blog/2012/september/details-on-the-crime-attack.aspx but I'm just not sure how to do it, I don't see any options on the xml configuration which would turn that off.

I am using OpenSSL with Resin.

Thanks.

¿Fue útil?

Solución

Try setting compression attribute inside openssl tag. 

  <openssl>
    <certificate-file>...</certificate-file>
    <certificate-key-file>...</certificate-key-file>
    <password>...</password>
    <compression>false</compression>
  </openssl>

Acceptable values are 'true' & 'false'

'compression' attribute was introduced in 4.0.37. (see http://bugs.caucho.com/view.php?id=5435)

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top