Thanks for using Ubuntu and reporting a bug. cyrus-imapd-2.2 is compiled
to use openssl, but openssl in Ubuntu uses the no-ssl2 configure option,
so even though the cipher list reports these, they should not work.
While it would be less confusing to adjust cyrus-imapd-2.2 to not report
this, this is not a change we would want to carry in Ubuntu without it
also bing in Debian. I am going to close this bug as "Invalid" since
cyrus should not actually use sslv2. If this is in error, please feel
free to reopen the bug. If you feel strongly that this should be fixed,
please file a bug with Debian and Ubuntu will get the change
automatically as part of our development process. Thanks again!
** Changed in: cyrus-imapd-2.2 (Ubuntu)
Status: New => Invalid
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/904875
Title:
cyrus default config includes insecure SSLv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-imapd-2.2/+bug/904875/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
