How to Disable SSL/TLS Compression in Apache 2.2.x to Mitigate CRIME/BEAST Attacks



In Apache 2.2.x with mod_ssl, there is no configuration directive to disable TLS compression (DEFLATE). This matters when addressing vulnerabilities like CRIME (Compression Ratio Info-leak Made Easy) and BEAST (Browser Exploit Against SSL/TLS).

While Apache 2.2.x offers no directive to switch compression off directly, you can still apply these hardening measures:

# In httpd.conf or ssl.conf
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
SSLHonorCipherOrder on
# Apache 2.4.x only; see the note below before using this line on 2.2.x
SSLCompression off

Note: the SSLCompression off directive in the block above won't work in Apache 2.2.x, because it was only introduced in 2.4.x.

When working with legacy systems:

  • Prioritize AES-GCM cipher suites (these AEAD suites exist only from TLS 1.2 onward, so they are not exposed to the CBC-based BEAST attack)
  • Implement TLS 1.1+ exclusively (though this breaks compatibility with very old browsers)
  • Consider using a reverse proxy (like Nginx) that supports modern TLS features

Here's a sample Nginx configuration that can sit in front of Apache:

# Backend Apache 2.2.x instance that the proxy forwards to (plain HTTP on the local host)
upstream apache_backend {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name example.com;

    # Certificate and key are required for a TLS listener; paths are placeholders
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    location / {
        proxy_pass http://apache_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Lets the backend know the original request arrived over HTTPS
        proxy_set_header X-Forwarded-Proto https;
    }
}

For legacy browser support:

  • Implement HTTP Strict Transport Security (HSTS)
  • Use subresource integrity checks
  • Consider implementing OCSP stapling

Always verify your configuration using tools like:

openssl s_client -connect example.com:443 -tls1 -cipher AES128-SHA

Or online scanners like SSL Labs' SSL Test.


Working with legacy systems running Apache 2.2.x presents unique security challenges, particularly when dealing with SSL/TLS compression. While modern servers have built-in protections against CRIME and BEAST attacks, older Apache versions require manual intervention.

According to Apache's bug tracker (Bug #53219), there's no native support for disabling SSL compression in Apache 2.2.x through mod_ssl alone. The issue was properly addressed in Apache 2.4.x with the introduction of the SSLCompression off directive.

For systems where upgrading isn't immediately feasible, consider these mitigation strategies:

# Option 1: Rebuild OpenSSL without compression support. mod_ssl must then be
# built or linked against this OpenSSL build for the change to take effect.
./config no-comp
make
make install

# Option 2: Use mod_headers so that mod_deflate never compresses responses.
# This only affects HTTP-level content encoding, not TLS-level compression.
RequestHeader unset Accept-Encoding

Complement your compression mitigation with strong cipher suites:

SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
SSLHonorCipherOrder on

For supporting legacy browsers while maintaining security:

  • Implement TLS_FALLBACK_SCSV to prevent protocol downgrade attacks
  • Configure separate virtual hosts for modern and legacy clients
  • Consider using HAProxy or Nginx as a frontend to handle TLS termination

After implementation, verify your configuration with:

openssl s_client -connect yourdomain:443 -comp

Look for "Compression: NONE" in the output. For comprehensive testing, use tools like Qualys SSL Labs' server test.
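The same check that the openssl s_client -comp probe above performs, done in Python as an added example (not part of the original answers): a minimal raw-TLS client sends a ClientHello that lists DEFLATE ahead of null compression and reads the compression method the server selects from its ServerHello. The function names, cipher-suite list and host are this example's own assumptions; a server that still negotiates DEFLATE answers with compression method 1.

```python
import os
import socket
import struct

NULL_COMP, DEFLATE = 0, 1  # TLS compression_method values (RFC 3749 defines DEFLATE = 1)

def build_client_hello(server_name):
    """TLS 1.2 ClientHello that advertises DEFLATE ahead of null compression.
    Offers a handful of common cipher suites plus an SNI extension so that an
    ordinary mod_ssl/OpenSSL server answers with a ServerHello."""
    suites = bytes.fromhex("c02f c030 009e 009f 002f 0035")  # ECDHE/DHE-GCM, AES-CBC
    sni = server_name.encode()
    ext = struct.pack("!HHHBH", 0, len(sni) + 5, len(sni) + 3, 0, len(sni)) + sni
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"           # version, random, no session id
            + struct.pack("!H", len(suites)) + suites
            + bytes([2, DEFLATE, NULL_COMP])                  # compression_methods list
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # wrap in a handshake record

def parse_server_hello(record):
    """Return the compression method the server selected in the first handshake
    message of a TLS record; raise ValueError on an alert or unexpected data."""
    if len(record) < 5:
        raise ValueError("truncated record")
    ctype, rec_len = record[0], struct.unpack("!H", record[3:5])[0]
    payload = record[5:5 + rec_len]
    if ctype == 21:  # alert record: [level, description]
        raise ValueError("alert level=%d description=%d" % (payload[0], payload[1]))
    if ctype != 22 or payload[0] != 2:
        raise ValueError("expected a ServerHello")
    body = payload[4:]              # skip handshake type (1) + length (3)
    sid_len = body[34]              # version (2) + random (32) precede session_id length
    return body[35 + sid_len + 2]   # skip session_id and the 2-byte cipher suite

def tls_compression_enabled(host, port=443, timeout=5.0):
    """Connect, send the probe and report whether the server negotiated DEFLATE."""
    with socket.create_connection((host, port), timeout) as sock:
        sock.sendall(build_client_hello(host))
        data = b""  # read until the first complete record (ServerHello or alert) is in
        while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_server_hello(data) != NULL_COMP

if __name__ == "__main__":
    print("DEFLATE negotiated:", tls_compression_enabled("example.com"))  # placeholder host
```

Point tls_compression_enabled() at the Apache instance (or the Nginx front end) you just configured; a hardened server answers with compression method 0, so the function returns False.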