I installed these packages (previous, new):

libssl-dev:amd64 (1.0.1f-1ubuntu2.11, 1.0.1f-1ubuntu2.12)
libssl-doc:amd64 (1.0.1f-1ubuntu2.11, 1.0.1f-1ubuntu2.12)
libssl1.0.0:amd64 (1.0.1f-1ubuntu2.11, 1.0.1f-1ubuntu2.12)
openssl:amd64 (1.0.1f-1ubuntu2.11, 1.0.1f-1ubuntu2.12)

which is related to this Ubuntu Security Notification summary:

"The export cipher suites have been disabled in OpenSSL."

References:

* https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1460735
* http://www.ubuntu.com/usn/usn-2624-1/

After installing the updates I rebooted the box because I opted to not target 
individual services for restart. After the restart, clients were not able to 
connect.

Sample log messages for a connection attempt:

Jun  2 18:52:12 grunt prosody[1243]: c2se8fbb0: Client connected
Jun  2 18:52:12 grunt prosody[1243]: c2se8fbb0: Stream encrypted (TLSv1.2 with 
ECDHE-RSA-AES256-SHA)
Jun  2 18:52:12 grunt prosody[1243]: c2se8fbb0: No SASL mechanisms to offer
Jun  2 18:52:12 grunt prosody[1243]: c2se8fbb0: Client disconnected: closed

I've not modified any of the default encryption settings for Prosody. To work 
around this I downgraded the package (thankfully I had an older copy of the 
package on another server that had not yet been upgraded) and restarted Prosody.

Any tips/suggestions you can provide would be appreciated.

These are the ciphers which were disabled via the OpenSSL library update:

EXP-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5

If nobody else is having trouble I suspect that I'm doing something odd.

--
You received this message because you are subscribed to the Google Groups 
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at http://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.

Reply via email to