22. Disable SSL compression
Apache 2.4 -> supported
Apache 2.2 -> support added in 2.2.24
Changes with Apache 2.2.24
*) mod_ssl: Change default for SSLCompression to off,
as compression causes security issues in most setups.
(The so called "CRIME" attack). [Stefan Fritsch]
23. • Upgrade Apache
• Add the directive to the conf
SSLCompression off
It must be written outside <VirtualHost>,
otherwise the config check fails with an error
# service httpd configtest
Syntax error on line 23 of /usr/local/apache2/conf/httpdssl.conf:
This version of openssl does not support configuring
compression within <VirtualHost> sections.
25.
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
The protocol and cipher suite can also be
written to the log
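
As an added example (not from the original slides): a small Python parser for log lines in the CustomLog format above, tallying negotiated protocol and cipher suite pairs and listing clients that used a protocol in a caller-chosen watch list. The sample lines are constructed, and the function names and the default watch list (SSLv2, SSLv3) are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Format from the slide: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
# Apache writes a literal quote inside %r as \" and unset values as "-".
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<bytes>\d+|-)$'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
[10/Oct/2014:13:55:36 +0900] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 5120
[10/Oct/2014:13:55:40 +0900] 192.0.2.11 SSLv3 RC4-SHA "GET /login HTTP/1.0" 312
[10/Oct/2014:13:56:02 +0900] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /api HTTP/1.1" -
[10/Oct/2014:13:56:09 +0900] 198.51.100.7 TLSv1 AES256-SHA "GET /a\\"b HTTP/1.1" 44
[10/Oct/2014:13:56:10 +0900] 198.51.100.9 - - "-" -
truncated line without the expected fields
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    return rec

def summarize(text, watch=("SSLv2", "SSLv3")):
    """Count (protocol, cipher) pairs and collect client hosts per watched protocol."""
    pairs, watched, skipped = Counter(), defaultdict(set), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] == "-":  # malformed, or no TLS session recorded
            skipped += 1
            continue
        pairs[(rec["proto"], rec["cipher"])] += 1
        if rec["proto"] in watch:
            watched[rec["proto"]].add(rec["host"])
    return pairs, {p: sorted(h) for p, h in watched.items()}, skipped

if __name__ == "__main__":
    pairs, watched, skipped = summarize(SAMPLE_LOG)
    for (proto, cipher), n in pairs.most_common():
        print(f"{n:5d}  {proto:8s} {cipher}")
    for proto, hosts in watched.items():
        print(f"clients using {proto}: {', '.join(hosts)}")
    print(f"skipped lines: {skipped}")
```
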