On Wed, 12 Jun 2013 15:57:22 -0400 Eric Covener <cove...@gmail.com> wrote:
> On Wed, Jun 12, 2013 at 3:49 PM, William A. Rowe Jr.
> <wr...@rowe-clan.net> wrote:
> > On Wed, 12 Jun 2013 21:24:31 +0200
> > Reindl Harald <h.rei...@thelounge.net> wrote:
> >>
> >> well, on Redhat systems in "/etc/sysconfig/httpd" put the line
> >> "OPENSSL_NO_DEFAULT_ZLIB=1" did disable it before httpd
> >> offered an option, but IMHO any server software should
> >> come with as much as secure defaults if they do not hurt
> >
> > Nothing special about httpd. That is an OpenSSL flag (a patch
> > still not adopted upstream AIUI) but it controls default behavior,
> > not negotiated behavior.
>
> Comment 5 seems to say it controls what the server is willing to
> negotiate. What contrast were you drawing above?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=857051

It varies what the server elects based on the client's requested
compression state. Comment 15 reiterates that these are two different
switches. The RH patch avoids compelling the client to use compression;
the httpd patch prevents the use of compression. Toggling the absolute
behavior in httpd rather than the preferred default behavior was
probably not appropriate for the stable branch, but what's done is done,
and I won't vote against backporting the 2.4 change to 2.2 (although
I'm -0 on the merits).