Your message dated Mon, 23 Jan 2017 13:34:32 +0000
with message-id <[email protected]>
and subject line Bug#846085: fixed in nginx 1.10.2-4
has caused the Debian Bug report #846085,
regarding nginx-light: "ssl_ecdh_curve X25519" doesn't work
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
846085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nginx-light
Version: 1.10.2-2
Severity: normal
Tags: security

Using:

  ssl_ecdh_curve X25519;

in /etc/nginx/sites-available/<host> results in nginx refusing to start with
the following error:

  Unable to create curve "X25519" (SSL: error:100AE081:elliptic curve
  routines:EC_GROUP_new_by_curve_name:unknown group)

Using:

  ssl_ecdh_curve x25519;

results in nginx refusing to start with the following error:

  Unknown curve name "x25519" (SSL:)

The bug is probably caused by nginx not accounting for OpenSSL using a
different API for x25519 and for other elliptic curves.

In the absence of a specific choice, nginx uses the default OpenSSL elliptic curve
list, which as of OpenSSL 1.1.0c includes the secp256r1, secp384r1, and
secp521r1 curves, known to be possibly backdoored.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (800, 'testing'), (700, 'unstable'), (600, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nginx-light depends on:
ii  libc6                   2.24-5
ii  libnginx-mod-http-echo  1.10.2-2
ii  libpcre3                2:8.39-2
ii  libssl1.1               1.1.0c-2
ii  nginx-common            1.10.2-2
ii  zlib1g                  1:1.2.8.dfsg-2+b3

nginx-light recommends no packages.

Versions of packages nginx-light suggests:
ii  nginx-doc  1.10.2-2

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.10.2-4

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis <[email protected]> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 22 Jan 2017 12:19:30 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras 
libnginx-mod-http-geoip libnginx-mod-http-image-filter 
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream 
libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua 
libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo 
libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter 
libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex 
libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter 
libnginx-mod-http-dav-ext
Architecture: source
Version: 1.10.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers <[email protected]>
Changed-By: Christos Trochalakis <[email protected]>
Description:
 libnginx-mod-http-auth-pam - PAM authentication module for Nginx
 libnginx-mod-http-cache-purge - Purge content from Nginx caches
 libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
 libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
 libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-headers-more-filter - Set and clear input and output headers for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-lua - Lua module for Nginx
 libnginx-mod-http-ndk - Nginx Development Kit module
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-subs-filter - Substitution filter module for Nginx
 libnginx-mod-http-uploadprogress - Upload progress system for Nginx
 libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
 libnginx-mod-stream - Stream module for Nginx
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-full - nginx web/proxy server (standard version)
 nginx-light - nginx web/proxy server (basic version)
Closes: 843770 844712 845693 846085 846522 850857
Changes:
 nginx (1.10.2-4) unstable; urgency=medium
 .
   * Switch module reloading logic to dpkg triggers.
   * Enable modules after a remove -> install cycle.
   * Move module patches to debian/modules/patches.
   * Backport curve list support from 1.11.x. (Closes: #846085)
   * Add a NEWS entry regarding dynamic modules.
   * Merge de,fr,nl,pt_BR,da translations.
     Thanks to Chris Leick. (Closes: #843770)
     Thanks to Julien Patriarca. (Closes: #844712)
     Thanks to Frans Spiesschaert. (Closes: #845693)
     Thanks to Adriano Rafael Gomes. (Closes: #846522)
     Thanks to Joe Dalton. (Closes: #850857)
Checksums-Sha1:
 7f5b7870f70ce4f27790bde2a3a3d1f8f5af9e78 4210 nginx_1.10.2-4.dsc
 75db1f237fa1220dcd768fb15620ed4575121289 844328 nginx_1.10.2-4.debian.tar.xz
Checksums-Sha256:
 01e14c1234ccd8762834325851a84f6f677eb8df09931bf3e789fea4a8d46a0e 4210 nginx_1.10.2-4.dsc
 11bbf8112e5d83e1586e31324c9261f1383d3cc669959eefb2c161f354f1603f 844328 nginx_1.10.2-4.debian.tar.xz
Files:
 c383f35606d0d3e75b82282341b66738 4210 httpd optional nginx_1.10.2-4.dsc
 cf6e4cc95edcb6cefd9267a633467572 844328 httpd optional nginx_1.10.2-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
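
A way to confirm which key-exchange group a server negotiates once `ssl_ecdh_curve X25519;` is accepted, as an added example (not part of the bug thread or the Debian package). The function names, the allow-list and the sample `s_client` excerpts are constructed; the `Server Temp Key` line format is assumed from OpenSSL 1.1.x `openssl s_client` output.

```shell
#!/bin/sh
# Added example: read `openssl s_client` output and report the negotiated
# ECDHE group. All names and sample data below are constructed.
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -curves X25519 </dev/null 2>/dev/null \
#     | negotiated_group

# Print the group named on the "Server Temp Key" line:
#   "Server Temp Key: X25519, 253 bits"      -> X25519
#   "Server Temp Key: ECDH, P-256, 256 bits" -> P-256
# Prints nothing when the line is absent (no ephemeral key exchange).
negotiated_group() {
    awk -F': ' '/^Server Temp Key: / {
        n = split($2, f, ", ")
        # Classic EC groups are prefixed with "ECDH"; X25519 is not.
        g = (f[1] == "ECDH" && n >= 3) ? f[2] : f[1]
        print g
        exit
    }'
}

# Return 0 if group $1 is one of the remaining arguments (the allow-list).
group_allowed() {
    group=$1; shift
    [ -n "$group" ] || return 1
    for ok in "$@"; do
        [ "$group" = "$ok" ] && return 0
    done
    return 1
}

# Constructed s_client excerpts: one with X25519, one with a NIST curve.
SAMPLE_X25519='---
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---'
SAMPLE_P256='---
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---'

for s in "$SAMPLE_X25519" "$SAMPLE_P256"; do
    g=$(printf '%s\n' "$s" | negotiated_group)
    if group_allowed "$g" X25519; then
        echo "$g: allowed"
    else
        echo "$g: not in allow-list"
    fi
done
```

Newer OpenSSL releases may print a different group name for the same curve (for example `prime256v1` rather than `P-256`), so the allow-list should carry the spellings your `openssl` binary emits.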
