For those of us still using the 0.9.8-line, I see three options for addressing CRIME:
1) recompile our OpenSSL libraries with compression disabled, 2) programmatically disable it for all SSL connections using "sk_SSL_COMP_zero()" as described in the patches at http://www.dest-unreach.org/socat/contrib/socat-opensslcompress.html, or 3) do nothing. I'm inclined to go with option 2. This gives me the ability to use compression in the future if I need/want to. Thoughts? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
