Full_Name: Havard Eidnes
Version: 2.4.44
OS: NetBSD
URL:
Submission from: (NULL) (2001:700:1:0:eeb1:d7ff:fe59:fbaa)
Hi,

CVE-2015-3276 appears to be unfixed in 2.4.44, and from several attempts at finding the bug reported in your mailing list archive I came up empty. So ...

The best I've found from this CVE is RedHat's bugzilla entry at

https://bugzilla.redhat.com/show_bug.cgi?id=1238322

which contains a (suggested) patch. Summarized:

The openldap (for NSS) emulation of the openssl cipherstring parsing code incorrectly implements the multi-keyword mode. As a consequence anyone using a combination like: ECDH+SHA will not get the expected set of ciphers [...]

(I'm somewhat dismayed that this was apparently not reported upstream earlier...)

Best regards,

- Håvard
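
To make the "multi-keyword mode" concrete, the following is an added illustration written for this page; it is not code from OpenLDAP, OpenSSL, the Red Hat patch or the reporter. It models the OpenSSL cipher-string grammar (ciphers(1)) over a small constructed table of cipher suites with hand-assigned keyword tags. In OpenSSL, `A+B` within one term means a cipher must match every keyword (intersection), while `:` separates terms and `!`, `-` and `+` prefixes delete permanently, delete until re-added, or move to the end. The `intersect=False` mode is a hypothetical wrong implementation that unions the keywords instead; it is included only to show how much wider a selection like `ECDH+SHA` becomes when the multi-keyword mode is mishandled, and makes no claim about what the actual tls_m.c code did.

```python
"""Toy model of OpenSSL cipher-string selection (added example, not OpenLDAP
or OpenSSL code). The cipher table is a constructed subset with hand-assigned
keyword tags; '@STRENGTH' and the DEFAULT/COMPLEMENTOF* shortcuts are omitted.
"""
from __future__ import annotations

# Constructed sample: cipher suite -> keywords it matches, following ciphers(1):
# SHA/SHA1 is the SHA-1 MAC only (SHA256/SHA384 are separate keywords),
# ECDH covers ECDHE suites, RSA covers RSA authentication or key exchange.
CIPHERS: dict[str, set[str]] = {
    "ECDHE-ECDSA-AES128-GCM-SHA256": {"ECDH", "ECDHE", "ECDSA", "AES128", "AES", "AESGCM", "SHA256", "TLSv1.2"},
    "ECDHE-RSA-AES256-SHA384":       {"ECDH", "ECDHE", "RSA", "AES256", "AES", "SHA384", "TLSv1.2"},
    "ECDHE-RSA-AES128-SHA":          {"ECDH", "ECDHE", "RSA", "AES128", "AES", "SHA", "SHA1", "TLSv1"},
    "ECDHE-RSA-RC4-SHA":             {"ECDH", "ECDHE", "RSA", "RC4", "SHA", "SHA1", "TLSv1"},
    "AES128-SHA":                    {"RSA", "kRSA", "AES128", "AES", "SHA", "SHA1", "SSLv3"},
    "DES-CBC3-SHA":                  {"RSA", "kRSA", "3DES", "SHA", "SHA1", "SSLv3"},
    "RC4-MD5":                       {"RSA", "kRSA", "RC4", "MD5", "SSLv3"},
}
ORDER = list(CIPHERS)  # stable order used when a keyword is expanded


def expand_keyword(word: str) -> list[str]:
    """Ciphers matching one keyword, or an exact cipher-suite name."""
    if word in CIPHERS:
        return [word]
    if word == "ALL":
        return ORDER[:]
    return [c for c in ORDER if word in CIPHERS[c]]


def expand_term(term: str, intersect: bool = True) -> list[str]:
    """Expand 'A+B+C'.

    Correct OpenSSL semantics: a cipher is selected only if it matches every
    keyword (intersection). intersect=False is a hypothetical wrong
    implementation that unions the keywords; it is here for contrast only and
    is not the actual OpenLDAP NSS code.
    """
    words = term.split("+")
    if intersect:
        return [c for c in ORDER if all(c in expand_keyword(w) for w in words)]
    union: list[str] = []
    for w in words:
        for c in expand_keyword(w):
            if c not in union:
                union.append(c)
    return union


def select_ciphers(spec: str, intersect: bool = True) -> list[str]:
    """Evaluate a ':'-separated cipher string; return the enabled list in order."""
    enabled: list[str] = []
    killed: set[str] = set()
    for raw in spec.split(":"):
        if not raw:
            continue
        op, term = (raw[0], raw[1:]) if raw[0] in "!-+" else ("", raw)
        matched = expand_term(term, intersect)
        if op == "!":          # delete now and refuse to re-add later
            killed.update(matched)
            enabled = [c for c in enabled if c not in killed]
        elif op == "-":        # delete, but a later term may re-add
            enabled = [c for c in enabled if c not in matched]
        elif op == "+":        # keep the set, move matches to the end
            moved = [c for c in enabled if c in matched]
            enabled = [c for c in enabled if c not in matched] + moved
        else:                  # append new matches that were not killed
            enabled += [c for c in matched if c not in enabled and c not in killed]
    return enabled


def unexpected_ciphers(spec: str) -> list[str]:
    """Ciphers the union-style parser enables that the correct one does not."""
    correct = set(select_ciphers(spec, intersect=True))
    return [c for c in select_ciphers(spec, intersect=False) if c not in correct]


if __name__ == "__main__":
    for spec in ("ECDH+SHA", "ECDH+SHA:!RC4", "AES+SHA:+ECDH"):
        print(repr(spec))
        print("  intersection  :", select_ciphers(spec))
        print("  union (wrong) :", select_ciphers(spec, intersect=False))
        print("  extra enabled :", unexpected_ciphers(spec))
```

With the constructed table, `ECDH+SHA` correctly selects only the two ECDHE suites with a SHA-1 MAC, whereas the union variant also admits static-RSA and 3DES suites that the administrator never asked for; that silent widening is the practical consequence the report describes. On a real system the authoritative reference is `openssl ciphers -v 'ECDH+SHA'`, and comparing that list with what an NSS-built slapd actually offers is how to confirm whether a given build is affected.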
