cPanel & WHM no longer develops or updates EasyApache 3. We deprecated EasyApache 3 on December 31, 2018. We removed support for EasyApache 3 in cPanel & WHM version 78.
How To Prevent CRIME Attacks - EasyApache - cPanel Documentation
Page tree
Skip to end of metadata
Go to start of metadata


CRIME (Compression Ratio Info-leak Made Easy) is a security exploit that may allow attackers to read encrypted cookies and hijack sessions when SSL compression (TLS compression or SPDY) is in use.

Recent versions of Apache were shipped with SSL compression turned on by default.


To resolve this issue, cPanel has made the following changes:

  • cPanel patched Apache 2.2.23 to include the SSLCompression directive.
  • cPanel has set the default behavior of SSLCompression to off for both Apache 2.2 and Apache 2.4.

The result is that when Apache is built, SSL Compression is off.

System administrators can still set this directive to on if they choose, but we strongly recommend against this action.


Apache 2.2.24 already has the SSLCompression directive, so the patch has been simplified to set the default behavior of SSLCompression to off.

Additional Documentation

More information about SSLCompression is available at the Apache website: