This bug was fixed in the package openssl - 1.0.1-4ubuntu5.18
---------------
openssl (1.0.1-4ubuntu5.18) precise-security; urgency=medium
* SECURITY IMPROVEMENT: remove cipher length limitation that was set to
work around problematic servers when using TLSv1.2 back in 2012.
(LP: #1376447)
- Although TLSv1.2 is disabled for clients by default, forcing it
enabled would truncate the cipher list, possibly removing important
ciphers, and was also breaking secure renegotiations.
- debian/patches/tls12_workarounds.patch: remove
OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.
-- Marc Deslauriers <[email protected]> Wed, 01 Oct 2014 16:15:14
-0400
** Changed in: openssl (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1376447
Title:
When forcing TLSv1.2, the cipher list is truncated
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1376447/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
