Re: [CentOS] SSL CRIME

24 Sep 2012


      ...
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
Behalf Of Markus Falb
Sent: Monday, September 24, 2012 7:07 AM
To: centos@centos.org
Subject: [CentOS] SSL CRIME
Hi,
Some of you have heard of CRIME, probably.
from https://bugzilla.redhat.com/show_bug.cgi?id=857051
...
Adding the following line to the /etc/sysconfig/httpd file:
export OPENSSL_NO_DEFAULT_ZLIB=1
But there are other services but http that use ssl and are vulnerable?
What is the optimal place for setting this environment variable system
wide?
I tried to set it in
/etc/profile.d/CRIME.sh
/etc/bashrc
without success.
What about placing it in the /etc/rc.d/rc.local file?
Al McCann
---
My computer was sold to me by Mad Man Muntz.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] SSL CRIME