[CentOS] SSL CRIME
leonfauster at googlemail.com
Mon Sep 24 13:50:26 UTC 2012
Am 24.09.2012 um 13:07 schrieb Markus Falb:
> Some of you have heard of CRIME, probably.
> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>> Adding the following line to the /etc/sysconfig/httpd file:
>> export OPENSSL_NO_DEFAULT_ZLIB=1
> But there are other services but http that use ssl and are vulnerable?
> What is the optimal place for setting this environment variable system wide?
> I tried to set it in
> without success.
the corresponding patch mentioned in the bz above could be adapted and the openssl package recompiled.
More information about the CentOS