Hi! Are there any plans to apply any changes to OpenSSL related to the recent CRIME attack? Unlike other libraries (e.g. GnuTLS or NSS), OpenSSL enables zlib by default. Is there a plan to change the default in response to the published attack? I'm aware of the existing SSL_OP_NO_COMPRESSION option as a workaround.
Thank you! -- Tomas Hoger ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
