[Expired for pyopenssl (Ubuntu) because there has been no activity for
60 days.]
** Changed in: pyopenssl (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
It seems this bug report is invalid after all. While the main system
was fully updated, it appears the actual server was running in a
'debootstrap' generated chroot that, while updated regularly, was
missing security related entries from the sources.list inside the
chroot environment. Please
Also please note that the server code Tyler referenced to, as far as I
can determine, imports 'ssl' from the libpython2.7-minimal package.
This bug however seems to relate to the python-openssl package.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
A stripped down version of the server code used. Using this code on a
fully patched Ubuntu 14.04 server, ssllabs will report:
This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and
exploitable. Grade set to F.
** Attachment added: Demo server code
Hi Rob - Thanks for the report!
Fortunately, I can't reproduce your findings. I used the Python HTTPS
server found here:
http://dennis.dieploegers.de/creating-a-ssl-http-server-in-python/
I created a cert using:
$ openssl req -new -x509 -keyout server.pem -out server.pem -days 365
-nodes