RE: [SECURITY] [DSA 3094-1] bind9 security update

2014-12-08 Thread Charles Stewart
Please disregard my prior message. It was directed to the incorrect recipients. My apologies for any inconvenience that might have been caused. -Original Message- From: Charles Stewart Sent: Monday, December 08, 2014 5:57 PM To: 'debian-security@lists.debian.org'; debian-security-anno

RE: [SECURITY] [DSA 3094-1] bind9 security update

2014-12-08 Thread Charles Stewart
We don't run the bind9 server on production appliances, but we do pull in the bind9 client libs and tools, so that will need updating. -Original Message- From: Giuseppe Iuculano [mailto:iucul...@debian.org] Sent: Monday, December 08, 2014 4:43 PM To: debian-security-annou...@lists.debian

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 21:16, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: >> >> If I understand your reply correctly, the version in Ubuntu and Fedora >> will still talk TLS 1.0 with the version now waiting in jessie? > > Yes. > >> Do you believe it would be reasona

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: > > If I understand your reply correctly, the version in Ubuntu and Fedora > will still talk TLS 1.0 with the version now waiting in jessie? Yes. > Do you believe it would be reasonable for me to request a smaller > unblock that just

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 20:06, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: >> >> Is it something that is going to happen with Ubuntu releases next year >> (e.g. April 2015)? >> >> If so, it means that the repro package in jessie won't talk to a repro >> package in Ubun

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: > > Is it something that is going to happen with Ubuntu releases next year > (e.g. April 2015)? > > If so, it means that the repro package in jessie won't talk to a repro > package in Ubuntu. I think there is some misunderstanding.

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 19:25, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: >> >> Will the TLSv1 method be removed in jessie or while jessie is still >> supported? > > This is something post jessie. > Is it something that is going to happen with Ubuntu releases next

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: > > Will the TLSv1 method be removed in jessie or while jessie is still > supported? This is something post jessie. Kurt

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 18:58, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: >> >> I have no idea what technology is in use in the remote/client system. >> >> If my server socket is using TLSv1_method it is rejecting the connection >> and logging those errors on my serve

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: > > I have no idea what technology is in use in the remote/client system. > > If my server socket is using TLSv1_method it is rejecting the connection > and logging those errors on my server: > > error:1408F10B:SSL routines:SSL3_GET_

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 13:53, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: Just one other point: if somebody is trying to send the client hello using the SSL v2 record layer but indicating support for TLS v1.0, should TLSv1_method or SSLv23_method accept that?

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: > >> Just one other point: if somebody is trying sending the client hello > >> using SSL v2 record layer but indicating support for TLS v1.0, should > >> TLSv1_method or SSLv23_method accept that? > > I would expect that both should sup

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:36, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: >> On 08/12/14 11:12, Kurt Roeckx wrote: >>> On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - set

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:04, Thijs Kinkhorst wrote: > On Mon, December 8, 2014 11:17, Daniel Pocock wrote: >> In the library package (libresiprocate-1.9.deb) there is no default >> SSL/TLS mode. It uses whatever the project using the library selects. >> If some developer wants to enable dynamic selection of

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: > On 08/12/14 11:12, Kurt Roeckx wrote: > > On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: > >> Hi all, > >> > >> I've made some changes to TLS code in reSIProcate > >> > >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Thijs Kinkhorst
On Mon, December 8, 2014 11:17, Daniel Pocock wrote: > In the library package (libresiprocate-1.9.deb) there is no default > SSL/TLS mode. It uses whatever the project using the library selects. > If some developer wants to enable dynamic selection of TLS version by > using SSLv23_method then they

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 11:12, Kurt Roeckx wrote: > On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: >> Hi all, >> >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() > This has no effect in jessie. SSLv2 and SSLv3

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:48, Thijs Kinkhorst wrote: > Hi Daniel, > > On Mon, December 8, 2014 09:16, Daniel Pocock wrote: >> I've made some changes to TLS code in reSIProcate >> >> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() >> >> - adding configuration options to override the o

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: > > Hi all, > > I've made some changes to TLS code in reSIProcate > > - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() This has no effect in jessie. SSLv2 and SSLv3 are disabled if you use the SSLv23_* meth

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Thijs Kinkhorst
Hi Daniel, On Mon, December 8, 2014 09:16, Daniel Pocock wrote: > I've made some changes to TLS code in reSIProcate > > - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() > > - adding configuration options to override the options to > SSL_CTX_set_options (as it is possible t

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:20, Adam D. Barratt wrote: > On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: > [...] >> If it will help the release team, is there anybody from the security >> team who could review the changes in my debdiff? > Note that debian-security@lists.debian.org is not a contact addre

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Adam D. Barratt
On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: [...] > If it will help the release team, is there anybody from the security > team who could review the changes in my debdiff? Note that debian-security@lists.debian.org is not a contact address for the security team. (Also I don't see anyt

SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() - adding configuration options to override the options to SSL_CTX_set_options (as it is possible there will be some user with old VoIP hardware out there who wants