Your message dated Thu, 3 Nov 2016 00:30:52 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-nagios-devel] Bug#822955: monitoring-plugins
(2.1.1-1) Disable SSLv3
has caused the Debian Bug report #822955,
regarding monitoring-plugins (2.1.1-1) Disable SSLv3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
822955: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822955
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: monitoring-plugins
Version: 2.1.1
As Described the problem: https://www.rfc-editor.org/rfc/rfc7568.txt
According to rfc7568, sslv3 is no longer considered secure. This patch
disables sslv3 if the system's openssl is compiled without it. (Jessie)
Below is a transcript:
--- monitoring-plugins-2.1.1.orig/plugins/sslutils.c
+++ monitoring-plugins-2.1.1/plugins/sslutils.c
@@ -66,7 +66,12 @@ int np_net_ssl_init_with_hostname_versio
#endif
break;
case 3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+ printf(("%s\n", _("CRITICAL - SSL protocol version 3 is
not supported by your SSL library.")));
+ return STATE_CRITICAL;
+#else
method = SSLv3_client_method();
+#endif
break;
default: /* Unsupported */
printf("%s\n", _("CRITICAL - Unsupported SSL protocol
version."));
I am using Debian GNU/Linux 8 (Jessie) , Kernel 3.16.7-ckt25-1 and GLIBC
2.19-18+deb8u4
Regard,
Anoop Seburuth
--- End Message ---
--- Begin Message ---
Source: monitoring-plugins
Source-Version: 2.1.2
Am 29.04.16 um 11:57 schrieb Anoop Seburuth:
> As Described the problem: https://www.rfc-editor.org/rfc/rfc7568.txt
> According to rfc7568, sslv3 is no longer considered secure. This patch
> disables sslv3 if the system's openssl is compiled without it. (Jessie)
this was fixed with the upload of 2.1.2 into unstable. I does not intend
to fix that in stable as it is just a minor issue.
Cheers, Jan.
--
Never write mail to <[email protected]>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS
PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------
signature.asc
Description: OpenPGP digital signature
--- End Message ---
