[CentOS] SSL CRIME

Albert McCann mac358 at newsguy.com
Mon Sep 24 16:26:04 EDT 2012


> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Markus Falb
> Sent: Monday, September 24, 2012 7:07 AM
> To: centos at centos.org
> Subject: [CentOS] SSL CRIME
> 
> Hi,
> Some of you have heard of CRIME, probably.
> 
> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
> > Adding the following line to the /etc/sysconfig/httpd file:
> >
> >   export OPENSSL_NO_DEFAULT_ZLIB=1
> 
> But there are other services but http that use ssl and are vulnerable?
> What is the optimal place for setting this environment variable system
> wide?
> 
> I tried to set it in
> /etc/profile.d/CRIME.sh
> /etc/bashrc
> without success.

What about placing it in the /etc/rc.d/rc.local file?

Al McCann
---
My computer was sold to me by Mad Man Muntz.



More information about the CentOS mailing list