I have one sever running on Apache 2.2.16. I run the VA scanner on the server. According to the VA report it is recommended that SSL/TLS compression should be off.
I tried to search google, but didnt find any helpful. Can anybody tell me how to set it off in Apache 2.2.16 without upgrading the version.
Ssl – How to disable SSL/TLS compression in Apache 2.2.16
apache-2.2compressionSecuritysslwindows-server-2008
Related Topic
- Ssl – Disable SSL / TLS compression in Apache 2.2.x
- Ssl – Disable compression on SSL/TLS connections in Apache < 2.2.16 using mod_header
- Windows – Apache SSL on 64-bit Windows (not a valid Win32 application)
- Ssl – Unable to turn off SSLv3 on Apache 2.4.9 without losing TLS 1.1 and 1.2
- Nginx – Enable SSL compression in nginx server
Best Answer
Sometimes, even with the latest version of Apache, if the current openssl library is not enough recent, the server returns the following error:
In this case you can disable the compression exporting the following variable before start Apache httpd server:
I have found the suggestion here: