On Mon, Oct 8, 2012 at 5:13 PM, Tomas Hoger <[email protected]> wrote:
> Hi! > > Are there any plans to apply any changes to OpenSSL related to the > recent CRIME attack? Unlike other libraries (e.g. GnuTLS or NSS), > OpenSSL enables zlib by default. Is there a plan to change the default > in response to the published attack? I'm aware of the existing > SSL_OP_NO_COMPRESSION option as a workaround. > > Thank you! > Its an interesting point - perhaps we should change the default. > > -- > Tomas Hoger > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] >
