[CentOS] SSL CRIME

Johnny Hughes johnny at centos.org
Mon Sep 24 17:49:02 EDT 2012


On 09/24/2012 06:07 AM, Markus Falb wrote:
> Hi,
> Some of you have heard of CRIME, probably.
>
> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>> Adding the following line to the /etc/sysconfig/httpd file:
>>
>>   export OPENSSL_NO_DEFAULT_ZLIB=1
> But there are other services but http that use ssl and are vulnerable?
> What is the optimal place for setting this environment variable system wide?
>
> I tried to set it in
> /etc/profile.d/CRIME.sh
> /etc/bashrc
> without success.

The setting only matters if programs look for it and do something with
it ... so you would need to set it for the user that starts whatever
service you are trying to protect, if that daemon actually uses the
variable.

Just because a variable does something in httpd, that does not mean the
same variable means the same thing to sshd or any other daemon.

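One way to check the point made in the reply above, shown as an added example that is not part of the original post: it reads the environment a running daemon was started with and reports whether OPENSSL_NO_DEFAULT_ZLIB is in it. The function names `env_lookup` and `report_daemon` are hypothetical, and the script assumes a Linux `/proc` filesystem, `pgrep`, and root privileges to read other users' processes.

```shell
#!/bin/sh
# Added example (not from the original thread). A variable exported in a login
# shell's profile is only useful if it ends up in the daemon's own environment.
# /proc/<pid>/environ holds the NUL-separated environment the process was
# started with, so it shows what the daemon actually received.

# env_lookup FILE VAR: print VAR's value from an environ-format file.
# Returns 0 if VAR is present, 1 if absent, 2 if FILE cannot be read.
# Matches the full name only, so OPENSSL_NO does not match OPENSSL_NO_DEFAULT_ZLIB.
env_lookup() {
    [ -r "$1" ] || return 2
    tr '\0' '\n' < "$1" | awk -v name="$2" '
        index($0, name "=") == 1 {
            print substr($0, length(name) + 2); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# report_daemon NAME VAR: print one line per running process named NAME.
# Presence of VAR does not prove the daemon or its SSL library honours it.
report_daemon() {
    pids=$(pgrep -x "$1") || { echo "$1: not running"; return 1; }
    for pid in $pids; do
        rc=0
        value=$(env_lookup "/proc/$pid/environ" "$2") || rc=$?
        case $rc in
            0) echo "$1[$pid]: $2=$value" ;;
            1) echo "$1[$pid]: $2 is NOT set" ;;
            *) echo "$1[$pid]: cannot read environment (run as root?)" ;;
        esac
    done
}

# Usage: sh check_env.sh httpd sshd   (daemon names are passed as arguments)
for daemon in "$@"; do
    report_daemon "$daemon" OPENSSL_NO_DEFAULT_ZLIB
done
```

Run it again after restarting a service to confirm that a change to its startup configuration took effect.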

