On 24.09.2012 at 23:49, Johnny Hughes wrote:
> On 09/24/2012 06:07 AM, Markus Falb wrote:
>> Hi,
>> Some of you have heard of CRIME, probably.
>>
>> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>>> Adding the following line to the /etc/sysconfig/httpd file:
>>>
>>> export OPENSSL_NO_DEFAULT_ZLIB=1
>> But there are other services but http that use ssl and are vulnerable?
>> What is the optimal place for setting this environment variable system wide?
>>
>> I tried to set it in
>> /etc/profile.d/CRIME.sh
>> /etc/bashrc
>> without success.
>
> The setting only matters if programs look for it and do something with
> it ... so you would need to set it for the user that starts whatever
> service you are trying to protect, if that daemon actually uses the
> variable.
>
> Just because a variable does something in httpd, that does not mean the
> same variable means the same thing to sshd or any other daemon.

It's in openssl itself (rhel5/6)

http://pkgs.fedoraproject.org/cgit/openssl.git/tree/openssl-0.9.8j-env-nozlib.patch?id=1d20b5f2

IMO, the same above would also apply for e.g. /etc/sysconfig/ldap ...

--
LF
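
Added example, not part of the thread and not code from the OpenSSL or CentOS projects: a shell check of whether OPENSSL_NO_DEFAULT_ZLIB actually reached the environment of running processes that map libssl, since files such as /etc/profile.d/*.sh are read by login shells and not by init scripts. It assumes a Linux /proc layout; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: which libssl-using processes have OPENSSL_NO_DEFAULT_ZLIB set?
# /proc/PID/environ holds the NUL-separated environment the process was started with.

# nozlib_state ENVIRON_FILE -> prints set | unset | unreadable
nozlib_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if tr '\0' '\n' < "$1" | grep -q '^OPENSSL_NO_DEFAULT_ZLIB='; then
        echo set
    else
        echo unset
    fi
}

# uses_libssl MAPS_FILE -> true if libssl is mapped into the process
uses_libssl() {
    grep -q 'libssl' "$1" 2>/dev/null
}

# audit_proc PROC_ROOT -> one "PID STATE" line per process that maps libssl
audit_proc() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        uses_libssl "$d/maps" || continue
        echo "${d##*/} $(nozlib_state "$d/environ")"
    done
}

# make_sample -> builds a constructed stand-in for /proc and prints its path
make_sample() {
    s=$(mktemp -d)
    mkdir "$s/101" "$s/102" "$s/103"
    printf 'PATH=/sbin:/bin\0OPENSSL_NO_DEFAULT_ZLIB=1\0LANG=C\0' > "$s/101/environ"
    printf 'PATH=/sbin:/bin\0LANG=C\0' > "$s/102/environ"
    printf 'PATH=/sbin:/bin\0' > "$s/103/environ"
    echo '7f00-7f01 r-xp 00000000 08:01 1 /usr/lib64/libssl.so.10' > "$s/101/maps"
    cp "$s/101/maps" "$s/102/maps"
    echo '7f00-7f01 r-xp 00000000 08:01 2 /lib64/libc.so.6' > "$s/103/maps"
    echo "$s"
}

case "${1:-}" in
    --scan) audit_proc /proc ;;                       # live system
    *) demo=$(make_sample); audit_proc "$demo"; rm -rf "$demo" ;;
esac
```

Run it as root with --scan to read other users' /proc/PID/environ; a daemon started before the variable was added to its sysconfig file keeps reporting unset until it is restarted.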