How can we mitigate CVE-2012-4929 SSL/TLS CRIME attack against HTTPS in Red Hat Enterprise Linux 5 or 6

Solution Verified - Updated -

Issue

  • httpd refuses to start when SSLCompression on is used in /etc/httpd/conf.d/ssl.conf
  • How can we mitigate CVE-2012-4929 SSL/TLS CRIME attack against HTTPS in Red Hat Enterprise Linux 5 or 6 on httpd and mod_ssl?

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • OpenSSL
  • Red Hat JBoss Enterprise Web Server (EWS)
    • Apache httpd
    • mod_ssl

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In