On 09/24/2012 06:07 AM, Markus Falb wrote:
> Hi,
> Some of you have heard of CRIME, probably.
>
> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>> Adding the following line to the /etc/sysconfig/httpd file:
>>
>> export OPENSSL_NO_DEFAULT_ZLIB=1
> But there are other services but http that use ssl and are vulnerable?
> What is the optimal place for setting this environment variable system wide?
>
> I tried to set it in
> /etc/profile.d/CRIME.sh
> /etc/bashrc
> without success.

The setting only matters if programs look for it and do something with it ... so you would need to set it for the user that starts whatever service you are trying to protect, if that daemon actually uses the variable.

Just because a variable does something in httpd, that does not mean the same variable means the same thing to sshd or any other daemon.
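
To see whether a running daemon actually started with the variable in its environment, here is an added example that is not part of the original post. It assumes Linux (`/proc/<pid>/environ`) and `pgrep`; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Linux-only: relies on /proc/<pid>/environ,
# which holds the NUL-separated environment the process was started with.

# env_value FILE NAME: print NAME's value from an environ-format file.
# Returns 0 if NAME is set, 1 if it is not, 2 if FILE cannot be read.
env_value() {
    [ -r "$1" ] || return 2
    tr '\0' '\n' < "$1" | awk -v n="$2" '
        index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
        END { exit !found }'
}

# report_pid PID NAME: one line saying whether process PID has NAME set.
report_pid() {
    rc=0
    val=$(env_value "/proc/$1/environ" "$2") || rc=$?
    case $rc in
        0) echo "pid $1: $2=$val" ;;
        1) echo "pid $1: $2 is NOT set" ;;
        *) echo "pid $1: environment unreadable (run as root?)" ;;
    esac
}

# make_sample_environ FILE: write a constructed environ file for offline testing.
# The second entry is a decoy whose name merely ends with the variable name.
make_sample_environ() {
    printf 'PATH=/sbin:/usr/sbin\0XOPENSSL_NO_DEFAULT_ZLIB=0\0OPENSSL_NO_DEFAULT_ZLIB=1\0LANG=C\0' > "$1"
}

# Usage: sh check-env.sh httpd dovecot ...   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    for daemon in "$@"; do
        for pid in $(pgrep -x "$daemon"); do
            report_pid "$pid" OPENSSL_NO_DEFAULT_ZLIB
        done
    done
fi
```

A "set" result only shows the process inherited the variable; whether that daemon's SSL library acts on it is a separate question, as the reply points out.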