Bug#754960: libapache2-mod-gnutls: cannot disable SSLv3

Wed, 15 Oct 2014 15:30:42 -0700 

Package: libapache2-mod-gnutls
Version: 0.5.10-4
Followup-For: Bug #754960

Dear Maintainer,

With the poodle bug, I tried disabling SSL3 and TLS1.0 of guntls without 
success.

I tested a HTTPS test web site with the sslscan command and the site 
https://www.ssllabs.com/ssltest. I changed the GnuTLSPriorities directive 
without that change the test results, it's always the same versions of SSL and 
TLS in the results. I feel that GnuTLSPriorities directive has no effect.

I tested:
- GnuTLSPriorities NONE:+AES-128-CBC:+ARCFOUR-128:+RSA:+SHA1:+MD5:+COMP-NULL

- GnuTLSPriorities NONE:+VERS-TLS1.1:+ARCFOUR-128:+RSA:+SHA1:+COMP-NULL

- GnuTLSPriorities 
SECURE256:-VERS-SSL3.0:-VERS-TLS1.0:-ARCFOUR-128:-RSA:-AES-128-CBC:-CAMELLIA-128-CBC:-3DES-CBC

- GnuTLSPriorities SECURE

- GnuTLSPriorities PERFORMANCE

Every time I restarted apache, the test results do not change.


Regards.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-gnutls depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.10-3
ii  libapr-memcache0                    0.7.0-3
ii  libc6                               2.19-11
ii  libgnutls26                         2.12.23-17

libapache2-mod-gnutls recommends no packages.

libapache2-mod-gnutls suggests no packages.

-- Configuration Files:
/etc/apache2/mods-available/gnutls.conf changed:
<IfModule mod_gnutls.c>
  # The default method is to use a DBM backed cache.  It's not super fast, but
  # it's portable and doesn't require another server to be running like
  # memcached
  #GnuTLSCache dbm /var/cache/apache2/gnutls_cache
  # mod_gnutls can optionaly use a memcached server to store SSL sessions.
  # This is useful in a cluster environment, where you want all your servers to
  # share a single SSL session cache
  #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
  GnuTLSCache memcache "127.0.0.1"
</IfModule>


-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to