Changeset 2321


Ignore:
Timestamp:
Sep 12, 2012, 9:08:54 PM (12 years ago)
Author:
geofft
Message:
Disable SSL compression to defend against rumored side-channel attack
Location:
trunk/server
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/httpd/conf/httpd.conf

    r2270 r2321  
    319319    SSLInsecureRenegotiation on
    320320
     321    # Temporary fix for presumed CRIME attack against SSL
     322    SSLCompression off
     323
    321324    SSLPassPhraseDialog  builtin
    322325    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
  • trunk/server/fedora/specs/httpd.spec.patch

    r2246 r2321  
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1111 Source1: index.html
    12 @@ -58,6 +58,14 @@
     12@@ -58,6 +58,15 @@
    1313 Requires(postun): systemd-units
    1414 Requires(post): systemd-units
     
    2121+Patch1006: httpd-suexec-cloexec.patch
    2222+Patch1007: httpd-fixup-vhost.patch
     23+Patch1008: httpd-SSLCompression.patch
    2324+
    2425 %description
    2526 The Apache HTTP Server is a powerful, efficient, and extensible
    2627 web server.
    27 @@ -68,6 +77,7 @@
     28@@ -68,6 +78,7 @@
    2829 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    2930 Requires: apr-devel, apr-util-devel, pkgconfig
     
    3334 %description devel
    3435 The httpd-devel package contains the APXS binary and other files
    35 @@ -106,6 +116,7 @@
     36@@ -106,6 +117,7 @@
    3637 Requires(post): openssl, /bin/cat
    3738 Requires(pre): httpd
     
    4142 
    4243 %description -n mod_ssl
    43 @@ -133,6 +149,13 @@
     44@@ -133,6 +150,14 @@
    4445 # Patch in vendor/release string
    4546 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     
    5152+%patch1006 -p1 -b .cloexec
    5253+%patch1007 -p1 -b .fixup-vhost
     54+%patch1008 -p1 -b .sslcompression
    5355+
    5456 # Safety check: prevent build if defined MMN does not equal upstream MMN.
    5557 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    5658 if test "x${vmmn}" != "x%{mmn}"; then
    57 @@ -193,10 +217,12 @@
     59@@ -193,10 +219,12 @@
    5860         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    5961        --enable-suexec --with-suexec \
Note: See TracChangeset for help on using the changeset viewer.