On 12.06.2013 21:49, William A. Rowe Jr. wrote:
> On Wed, 12 Jun 2013 21:24:31 +0200
> Reindl Harald <h.rei...@thelounge.net> wrote:
>>
>> well, on Red Hat systems, putting the line
>> "OPENSSL_NO_DEFAULT_ZLIB=1" in "/etc/sysconfig/httpd" did disable it
>> before httpd offered an option, but IMHO any server software should
>> come with defaults as secure as possible if they do not hurt
>
> Nothing special about httpd. That is an OpenSSL flag (a patch
> still not adopted upstream AIUI) but it controls default behavior,
> not negotiated behavior. I believe our patch disables compression
> altogether, which is a very different toggle, but I could be wrong
https://www.ssllabs.com/ssltest/

Check it with "OPENSSL_NO_DEFAULT_ZLIB=1" and without. This is what auditors do, period.

It is completely irrelevant to guess which browsers are updated and hope that most users are up-to-date. Well, *my* browsers are up-to-date, but this *does not* help if you are looking at the big picture, and if there is an option enabled which can be a security problem with zero benefit it should be disabled.
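The check the thread argues about is whether the server still negotiates TLS-level compression (RFC 3749 DEFLATE, the mechanism the CRIME attack exploited) once OPENSSL_NO_DEFAULT_ZLIB=1 is set. SSL Labs does this from outside; the following is an added example, not code from the thread or from httpd/OpenSSL, that does the same thing locally in two ways: it parses the compression_method byte out of a captured ServerHello record (RFC 5246 layout), and it connects live with a client that deliberately offers compression and reports what was negotiated. The host name passed to the live check is the reader's own; the ServerHello bytes are constructed in the block for illustration.

```python
"""Check what TLS compression method a server negotiated.

Added example for the httpd-dev discussion above; not project code.
ServerHello layout follows RFC 5246; compression_method 0 is null,
1 is DEFLATE (RFC 3749).
"""
import socket
import ssl
import struct
from typing import Tuple

COMPRESSION_METHODS = {0: "null", 1: "DEFLATE"}


def server_hello_compression(record: bytes) -> Tuple[str, str]:
    """Parse one TLS record carrying a ServerHello (e.g. cut from a pcap)
    and return (cipher_suite_hex, compression_method_name)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version(2) + random(32) + session_id_length(1) is the fixed prefix
    if len(hello) != hs_len or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32
    sid_len = hello[pos]
    pos += 1 + sid_len
    # cipher_suite(2) + compression_method(1) follow the session_id
    if pos + 3 > len(hello):
        raise ValueError("truncated ServerHello")
    cipher = hello[pos:pos + 2].hex()
    method = hello[pos + 2]
    return cipher, COMPRESSION_METHODS.get(method, f"unknown(0x{method:02x})")


def build_server_hello(compression_method: int, cipher_suite: int = 0xC02F,
                       session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (constructed test
    input, zero random; no extensions). Used to exercise the parser."""
    hello = (b"\x03\x03" + b"\x00" * 32
             + bytes([len(session_id)]) + session_id
             + struct.pack(">H", cipher_suite)
             + bytes([compression_method]))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack(">H", len(handshake)) + handshake


def negotiated_compression(host: str, port: int = 443, timeout: float = 5.0):
    """Live check: connect with a client that offers compression and return
    the negotiated method name (OpenSSL string such as 'zlib compression')
    or None. Python's default context sets OP_NO_COMPRESSION, so it is
    cleared here; if the local OpenSSL was built with no-comp the client
    cannot offer DEFLATE at all and None proves nothing about the server."""
    ctx = ssl.create_default_context()
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.compression()


if __name__ == "__main__":
    import sys
    for method in (0, 1):
        print(method, server_hello_compression(build_server_hello(method)))
    if len(sys.argv) > 1:
        print(sys.argv[1], "negotiated:", negotiated_compression(sys.argv[1]))
```

Run it once before and once after setting OPENSSL_NO_DEFAULT_ZLIB=1 and restarting httpd; a hardened server must come back with "null" (or None from the live check, provided the local client actually offered DEFLATE).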