>From RH Bug list:
It appears the cause was identified and fixed in the latest haproxy upstream
release, 1.5.7. From the release announcement on the haproxy mailing list:
- John Leach reported an interesting bug in the way SSL certificates were
loaded : if a certificate with an invalid subject (no parsable CN) is
loaded as the first in the list, its context will not be updated with the
bind line arguments, resulting in such a certificate to accept SSLv3
despite the "no-sslv3" keyword. That was diagnosed and fixed by Emeric.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1383704
Title:
Can't switch off SSLv3 cipher groups in haproxy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
