On 12.06.2013 21:15, William A. Rowe Jr. wrote:
> I believe the change is outside of the scope which server authors should
> entertain, and it is up to the user agent authors to make an intelligent
> choice knowing the risks and lack of risks in their agent implementation

Yes and no.

In fact, if you are audited by 3rd parties of your customers, this will be detected, and since these auditors are mostly blind butchers you get a "fix it or shut down". From this point of view it should be disabled.

Well, on Red Hat systems, putting the line "OPENSSL_NO_DEFAULT_ZLIB=1" in "/etc/sysconfig/httpd" did disable it before httpd offered an option, but IMHO any server software should come with defaults that are as secure as possible if they do not hurt.

Where compression is a topic, mod_deflate is used, and doing compression on two layers is IMHO questionable.