[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

While apache in Ubuntu 12.04 does support TLSv1.2, it doesn't allow specifying the configuration options to selectively disable TLSv1.0. The following commit needs to be backported: https://svn.apache.org/viewvc?view=revision&revision=1445104 ** Package changed: openssl (Ubuntu) => apache2 (Ubun

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

** Changed in: openssl (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS only suppo

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

This should not be considered imcomplete now and thus should not have expired. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

[Expired for openssl (Ubuntu) because there has been no activity for 60 days.] ** Changed in: openssl (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bu

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Tried that just now. I got the following error: Syntax error on line 29 of /etc/apache2/sites-enabled/{redacted}: SSLProtocol: Illegal protocol 'TLSv1.1' Action 'configtest' failed. The Apache error log may have more information. Error log did not have more info (probably because it was only a co

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Sorry, the output of dpkg-query was rather inconveniently truncated, I am infact using version "2.2.22-1ubuntu1.7" of those packages. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.n

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Can you try with: SSLProtocol +TLSv1.1 +TLSv1.2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Sorry for the incomplete details. The problem is when I set the SSLProtocol parameter in Apache as follows: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 or: SSLProtocol TLSv1.1 TLSv1.2 I received the following message in the server logs: [Mon Dec 08 12:32:38 2014] [error] No SSL protocols available [

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Apache 2.2 on 12.04 LTS does support TLSv1.1 and TLSv1.2 just fine. Could you describe why you think it's not supported? ** Changed in: openssl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subs