Protection against "CRIME attack"/Disable SSL compression under Ubuntu/Apache/2.2.22

Lucas Pelegrino asked:

I’m trying to disable SSL compression in my server, but can’t because SSLCompression option isn’t yet avaliable with my current apache installation.

I found a patch that will give me that option http://pastebin.com/FnvUyjdJ, but have no ideia how to apply it. Could you guys help me?

My answer:


This issue was resolved with a backported patch. You only need to update Apache to the version given in the security notice, or a later version.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.