On 23/10/2014 04:46, Desai, Jason wrote:
I ran into this bug too - not fun. I was not able to find a work around until I started investigating how to disable SSLv3 to protect against POODLE. Since it seems that the issue is with TLS 1.2 and SHA512, I think you can disable the TLS 1.2 protocol altogether as a work around until this gets fixed properly. Don't forget to disable SSLv3 while you're at it.
Thanks for the tip. I have only recently discovered that CACert have been offering SHA256 certificates for several months, but the option is only shown when you add a new server. This provides an alternative work around for those trying to use CACert certificates. For details see:
http://blog.cacert.org/2014/06/selection-of-hash-algorithm-during-certificate-creation/ Roger -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
