> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Markus Falb > Sent: Monday, September 24, 2012 7:07 AM > To: centos at centos.org > Subject: [CentOS] SSL CRIME > > Hi, > Some of you have heard of CRIME, probably. > > from https://bugzilla.redhat.com/show_bug.cgi?id=857051 > > Adding the following line to the /etc/sysconfig/httpd file: > > > > export OPENSSL_NO_DEFAULT_ZLIB=1 > > But there are other services but http that use ssl and are vulnerable? > What is the optimal place for setting this environment variable system > wide? > > I tried to set it in > /etc/profile.d/CRIME.sh > /etc/bashrc > without success. What about placing it in the /etc/rc.d/rc.local file? Al McCann --- My computer was sold to me by Mad Man Muntz.