Your message dated Sun, 18 Jan 2015 00:23:16 +0100
with message-id
<[email protected]>
and subject line Re: TLS_FALLBACK_SCSV not supported
has caused the Debian Bug report #765650,
regarding TLS_FALLBACK_SCSV not supported
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
765650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765650
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pound
Version: 2.6-4
Severity: important
Tags: security
The security check at https://www.ssllabs.com/ssltest/ reports:
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported
It gives a link to the following page:
https://datatracker.ietf.org/doc/draft-bmoeller-tls-downgrade-scsv/
--
Brian May <[email protected]>
--- End Message ---
--- Begin Message ---
Hi,
You wrote at Fri, 17 Oct 2014 11:14:23 +1100:
> The security check at https://www.ssllabs.com/ssltest/ reports:
>
> Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported
That support has been added to openssl in our supported distributions last
October, so is now also supported by pound in those releases.
Cheers,
Thijs
--- End Message ---
