24 Sep
2012
24 Sep
'12
11:07 a.m.
Hi, Some of you have heard of CRIME, probably.
from https://bugzilla.redhat.com/show_bug.cgi?id=857051
Adding the following line to the /etc/sysconfig/httpd file:
export OPENSSL_NO_DEFAULT_ZLIB=1
But there are other services but http that use ssl and are vulnerable? What is the optimal place for setting this environment variable system wide?
I tried to set it in /etc/profile.d/CRIME.sh /etc/bashrc without success.
--
Kind Regards, Markus Falb