Re: SSL CRIME

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 24.09.2012 um 13:07 schrieb Markus Falb:
> Hi,
> Some of you have heard of CRIME, probably.
> 
> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>> Adding the following line to the /etc/sysconfig/httpd file:
>> 
>>  export OPENSSL_NO_DEFAULT_ZLIB=1
> 
> But there are other services but http that use ssl and are vulnerable?
> What is the optimal place for setting this environment variable system wide?
> 
> I tried to set it in
> /etc/profile.d/CRIME.sh
> /etc/bashrc
> without success.


the corresponding patch mentioned in the bz above could be adapted and the openssl package recompiled.

--
LF



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux