This new TLS 1.2 support does not seem to be reflected in Apache2 on 12.04 LTS. It's all well and good that OpenSSL may now be running 1.0.1, but it does not look as though apache has been recompiled against it, and so it is still stuck with only TLS 1.0, which is vunerable to the BEAST attack, thereby making anyone running a webserver on this release PCI non-compliant.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1256576 Title: Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1256576/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
