On Tue, 16 Jul 2013, Joel Sing wrote:

> CVSROOT:      /cvs
> Module name:  src
> Changes by:   js...@cvs.openbsd.org   2013/07/16 07:22:55
> 
> Modified files:
>       usr.sbin/httpd/src/modules/ssl: mod_ssl.c mod_ssl.h 
>                                       ssl_engine_config.c 
>                                       ssl_engine_init.c 
> 
> Log message:
> Disable SSL compression in order to mitigate CRIME attacks. Add
> an SSLCompression option so that it can be turned back on, however on
> this is currently a no-op due to the compile options for libssl.

specifically, we turn compression off at compile time in our libssl
so we aren't victim to the CRIME attack anyway.
