[CentOS] SSL CRIME
Leon Fauster
leonfauster at googlemail.comMon Sep 24 13:50:26 UTC 2012
- Previous message: [CentOS] SSL CRIME
- Next message: [CentOS] SSL CRIME
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 24.09.2012 um 13:07 schrieb Markus Falb: > Hi, > Some of you have heard of CRIME, probably. > > from https://bugzilla.redhat.com/show_bug.cgi?id=857051 >> Adding the following line to the /etc/sysconfig/httpd file: >> >> export OPENSSL_NO_DEFAULT_ZLIB=1 > > But there are other services but http that use ssl and are vulnerable? > What is the optimal place for setting this environment variable system wide? > > I tried to set it in > /etc/profile.d/CRIME.sh > /etc/bashrc > without success. the corresponding patch mentioned in the bz above could be adapted and the openssl package recompiled. -- LF
- Previous message: [CentOS] SSL CRIME
- Next message: [CentOS] SSL CRIME
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list