[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-24 Thread Thomas Ward
Fixed in latest NGINX upload to the PPAs. ** Changed in: nginx Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1383379 Title: nginx

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Thomas Ward
In discussion with mdeslaur on IRC, I'm attaching DebDiffs for Ubuntu in the off chance the release team wishes to push these changes. A few extra details as to why this is extremely relevant to being pushed and updated: A lot of newbie users that we see in the NGINX IRC channel for support end

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Thomas Ward
** Patch added: Precise Debdiff for Ubuntu https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241830/+files/nginx_sslv3_remove_debdiff_precise.debdiff

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Thomas Ward
NOTE: I didn't know where to target this for Utopic, so I just targeted it to 'utopic'. Please change that if it is not valid. ** Patch added: Utopic Debdiff for Ubuntu https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241835/+files/nginx_sslv3_remove_debdiff_utopic.debdiff **

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Thomas Ward
** Patch added: Trusty Debdiff for Ubuntu https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241832/+files/nginx_sslv3_remove_debdiff_trusty.debdiff

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Ubuntu Foundations Team Bug Bot
The attachment Precise Debdiff for Ubuntu seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the patch flag from the attachment, remove the patch tag, and

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Thomas Ward
(nginx project) Updated packages uploaded to the staging PPA, pending building. ** Changed in: nginx Status: In Progress => Fix Committed

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-22 Thread Marc Deslauriers
** Also affects: nginx (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Utopic) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu Utopic)

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-21 Thread Robie Basak
** Tags added: poodle

[Bug 1383379] Re: nginx default config has SSLv3 enabled, makes sites using default config options vulnerable to POODLE

2014-10-20 Thread Thomas Ward
** Description changed: The included `default` config file contains a commented-out section for SSL. That SSL section has the SSLv3 parameter provided for `ssl_protocols`. This means that systems are vulnerable to SSLv3 and the POODLE vulnerability. Can we remove that from the