Hi thanks for the info, Its not in debian 7 wheezy yet, Do you have the
official merged patch so I can point that patch to debian maintainers?
they are using 2.6 but should be ok to backport if the patch is for 2.7
Thanks!
2013-11-13 13:58, Joe Gooch skrev:
I’m not sure what news you’re looking for. It’s been patched since
10/05/2012.
Could you be more specific?
Joe
*From:*Stefan Eriksson [mailto:[email protected]]
*Sent:* Wednesday, November 13, 2013 6:11 AM
*To:* [email protected]
*Subject:* [Pound Mailing List] Disabling SSL Compression option in
Stable Release
> > You can use my stage for 2.7b branch if that's easier, which
already has the CRIME patch applied for openssl pre 1.0 and 1.0+.
> > https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7b
<https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7b>
> > Or you can borrow the patch from the last commit to that branch.
> > Joe
> Hi Chris,
>
> This isn't working for me, but thanks for the suggestions!
>
> I think Joe, I will check out your git code and compile that. Sounds
> like a good way forward!
>
> Many thanks all,
> James.
Any news about this? Its a pretty serious issue,
https://www.ssllabs.com/ is reporting about this CRIME issue.
Many thanks
Stefan
