On Mon, Oct 8, 2012 at 5:13 PM, Tomas Hoger <tho...@redhat.com> wrote:
> Hi! > > Are there any plans to apply any changes to OpenSSL related to the > recent CRIME attack? Unlike other libraries (e.g. GnuTLS or NSS), > OpenSSL enables zlib by default. Is there a plan to change the default > in response to the published attack? I'm aware of the existing > SSL_OP_NO_COMPRESSION option as a workaround. > > Thank you! > Its an interesting point - perhaps we should change the default. > > -- > Tomas Hoger > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >