[CentOS] SSL CRIME
markus.falb at fasel.at
Tue Sep 25 13:01:40 UTC 2012
On 24.9.2012 22:26, Albert McCann wrote:
>> -----Original Message-----
>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
>> Behalf Of Markus Falb
>> Sent: Monday, September 24, 2012 7:07 AM
>> To: centos at centos.org
>> Subject: [CentOS] SSL CRIME
>> Some of you have heard of CRIME, probably.
>> from https://bugzilla.redhat.com/show_bug.cgi?id=857051
>>> Adding the following line to the /etc/sysconfig/httpd file:
>>> export OPENSSL_NO_DEFAULT_ZLIB=1
>> But there are other services but http that use ssl and are vulnerable?
>> What is the optimal place for setting this environment variable system
>> I tried to set it in
>> without success.
> What about placing it in the /etc/rc.d/rc.local file?
$ ls -l /etc/rc3.d/S99local
lrwxrwxrwx. 1 root root 11 18. Sep 09:08 /etc/rc3.d/S99local -> ../rc.local
It is too late, isn't it?
Kind Regards, Markus Falb
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 304 bytes
Desc: OpenPGP digital signature
More information about the CentOS