openssl: disable compression
This update disables compression in openssl by default, as
the varying sizes resulting from compression can be used to
retrieve plaintext in various cases. (CRIME attack CVE-2012-4929).
This update introduces a environment variable
OPENSSL_NO_DEFAULT_ZLIB
which can be set to "no" to reenable compression in selected
services.
-
Submitted by
Marcus Meissner (msmeissn)
Fixed bugs
bnc#793420
VUL-1: CVE-2012-4929: apache2: CRIME attack
