Package: libapache2-mod-gnutls Version: 0.5.10-1.1 Severity: normal Dear Maintainer,
when I try to disable SSLv3 on one of my virtual name based vhosts with this line: GnuTLSPriorities SECURE256:-VERS-SSL3.0:-VERS-TLS1.0:+VERS-TLS1.2:+VERS-TLS1.1 the Qualsys SSL labs test still tells me that my site is offering SSLv3. Even worse when I try: GnuTLSPriorities -VERS-SSL3.0:-VERS-TLS1.0:+VERS-TLS1.2:+VERS-TLS1.1 because then no error is logged at a "apache reload", but my site presents the wrong SSL certificate. -- System Information: Debian Release: 7.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libapache2-mod-gnutls depends on: ii libapr-memcache0 0.7.0-1 ii libc6 2.13-38+deb7u3 ii libgnutls26 2.12.20-8+deb7u2 libapache2-mod-gnutls recommends no packages. libapache2-mod-gnutls suggests no packages. -- Configuration Files: /etc/apache2/sites-available/default-tls changed: <IfModule mod_gnutls.c> GnuTLSCache none none <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined GnuTLSEnable On # GnuTLSKeyFile /etc/ssl/private/apache-new.key # GnuTLSCertificateFile /etc/ssl/certs/tuxfriends.net+cacert.pem GnuTLSKeyFile /etc/ssl/private/apache.key GnuTLSCertificateFile /etc/ssl/certs/binky.tuxfriends.net.pem GnuTLSPriorities NORMAL </VirtualHost> </IfModule> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org