On Mon, 13 Jan 2014 17:26:23 +0100 Jeff Hodges via RT wrote:

> According to [1], TLS compression is still the default configuration
> of OpenSSL. This opens OpenSSL and all dependent tools (python, ruby,
> etc.) to the CRIME attack.

There was some discussion on this topic on openssl-dev before, that has
some related ideas noted (e.g. what to do with SSL_OP_NO_COMPRESSION
option):

http://www.mail-archive.com/[email protected]/msg31576.html

-- 
Tomas Hoger
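
For tools that sit on top of OpenSSL, the SSL_OP_NO_COMPRESSION option mentioned in the message above can be audited and set per context. The Python sketch below is an added example, not part of the original message and not OpenSSL project code; the helper names and the sample contexts are constructed for illustration.

```python
import ssl


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """True when the context carries OpenSSL's SSL_OP_NO_COMPRESSION bit."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def legacy_style_context() -> ssl.SSLContext:
    """Constructed 'before' case: a client context with the bit cleared,
    standing in for a stack that leaves TLS compression at its default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    return ctx


def harden(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """'After' case: refuse TLS-level compression on this context."""
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def audit(contexts: dict) -> list:
    """Names of the contexts that would still offer TLS compression."""
    return sorted(name for name, ctx in contexts.items()
                  if not compression_disabled(ctx))


def require_uncompressed(sock: ssl.SSLSocket) -> None:
    """Post-handshake check: compression() is None when none was negotiated."""
    method = sock.compression()
    if method is not None:
        raise ssl.SSLError(f"TLS compression negotiated: {method}")


if __name__ == "__main__":
    # Constructed inventory of contexts an application might hold.
    fleet = {
        "legacy-client": legacy_style_context(),
        "hardened-client": harden(legacy_style_context()),
    }
    for name in audit(fleet):
        print(f"{name}: SSL_OP_NO_COMPRESSION not set")
```
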

