Package: libapache2-mod-gnutls Version: 0.5.10-4 Followup-For: Bug #754960 Dear Maintainer,
With the poodle bug, I tried disabling SSL3 and TLS1.0 of guntls without success. I tested a HTTPS test web site with the sslscan command and the site https://www.ssllabs.com/ssltest. I changed the GnuTLSPriorities directive without that change the test results, it's always the same versions of SSL and TLS in the results. I feel that GnuTLSPriorities directive has no effect. I tested: - GnuTLSPriorities NONE:+AES-128-CBC:+ARCFOUR-128:+RSA:+SHA1:+MD5:+COMP-NULL - GnuTLSPriorities NONE:+VERS-TLS1.1:+ARCFOUR-128:+RSA:+SHA1:+COMP-NULL - GnuTLSPriorities SECURE256:-VERS-SSL3.0:-VERS-TLS1.0:-ARCFOUR-128:-RSA:-AES-128-CBC:-CAMELLIA-128-CBC:-3DES-CBC - GnuTLSPriorities SECURE - GnuTLSPriorities PERFORMANCE Every time I restarted apache, the test results do not change. Regards. -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libapache2-mod-gnutls depends on: ii apache2-bin [apache2-api-20120211] 2.4.10-3 ii libapr-memcache0 0.7.0-3 ii libc6 2.19-11 ii libgnutls26 2.12.23-17 libapache2-mod-gnutls recommends no packages. libapache2-mod-gnutls suggests no packages. -- Configuration Files: /etc/apache2/mods-available/gnutls.conf changed: <IfModule mod_gnutls.c> # The default method is to use a DBM backed cache. It's not super fast, but # it's portable and doesn't require another server to be running like # memcached #GnuTLSCache dbm /var/cache/apache2/gnutls_cache # mod_gnutls can optionaly use a memcached server to store SSL sessions. # This is useful in a cluster environment, where you want all your servers to # share a single SSL session cache #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com" GnuTLSCache memcache "127.0.0.1" </IfModule> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org