From 5e0270e6a83e63284e43101c5883ba51371a1595 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurens=20St=C3=B6tzel?= <l.stoetzel@meeva.de>
Date: Tue, 17 Jan 2017 10:18:52 +0100
Subject: [PATCH] Disable SSLCompression (CRIME attack)

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html#SSL_Compression_(CRIME_attack)
---
 scripts/jobs/cron_tasks.inc.http.10.apache.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index 174ae623..d7e793fb 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -422,6 +422,8 @@ class apache extends HttpConfigBase
 
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . "\n";
+
 							// this makes it more secure, thx to Marcel (08/2013)
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";