How can we mitigate CVE-2012-4929 SSL/TLS CRIME attack against HTTPS in Red Hat Enterprise Linux 5 or 6
Issue
httpd
refuses to start whenSSLCompression on
is used in/etc/httpd/conf.d/ssl.conf
- How can we mitigate CVE-2012-4929 SSL/TLS CRIME attack against HTTPS in Red Hat Enterprise Linux 5 or 6 on httpd and mod_ssl?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- OpenSSL
- Red Hat JBoss Enterprise Web Server (EWS)
- Apache httpd
- mod_ssl
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.