You can use my stage for 2.7b branch if that's easier, which already has the CRIME patch applied for openssl pre 1.0 and 1.0+.
https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7b Or you can borrow the patch from the last commit to that branch. Joe > -----Original Message----- > From: James Bensley [mailto:[email protected]] > Sent: Thursday, December 13, 2012 12:46 PM > To: [email protected] > Subject: Re: [Pound Mailing List] Disabling SSL Compression option in > Stable Release > > Howdy all, > > I'm curious about this too. I would like to protect against it. > > So far I have only found this one reference to it on line, if I > implement this single line of code and recompile Pound (running version > 2.7a) which this work for me? > > http://comments.gmane.org/gmane.comp.web.pound.general/6858 > > Many thanks, > James. > > On 23 October 2012 20:06, Root Kev <[email protected]> wrote: > > Is there any eta on when this might be included in a stable release, > > as the CRIME attack vulnerability has come up in our latest network > > audit. Since pound needs to be deployed to quite a few of our > > production servers, we would prefer not to have to manually patch it > on each machine. > > > > Thanks! > > > > Kevin > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
