With the latest Red Hat 5 updates, OpenSSL (now based on version 0.9.8e) is built with an environment variable hook that disables compression without a rebuild. The variable is called OPENSSL_NO_DEFAULT_ZLIB and should be set to "1" to disable compression. It can be exported from /etc/sysconfig/httpd to control Apache's SSL handling and work around this bug.

For other Red Hat variants or if a rebuild is needed for some other reason, see below.

The procedure is probably similar across Red Hat and CentOS variants, but I've only tried with CentOS 5.

You should do this as something other than root, but explaining how to create a local RPM build tree is not in scope. You can figure that out on your own if you want to. Assuming you're root, the following steps should rebuild a set of OpenSSL packages without zlib support, but with the same name as the original OS-supplied packages.

These instructions match the version at the time of authoring. If the OpenSSL package gets upgraded, the latest revision number might be higher.

$ cd /usr/src/redhat/SRPMS
$ wget http://mirror.centos.org/centos/5/os/SRPMS/openssl-0.9.8b-10.el5.src.rpm
$ rpm -i openssl-0.9.8b-10.el5.src.rpm
$ cd ../SPECS
$ rpmbuild -ba --define='dist .el5' openssl.spec
$ cd ../RPMS/i386
$ rpm -ivh --force openssl-0.9.8b-10.el5.rpm openssl-devel-0.9.8b-10.el5.rpm