[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

Tue, 13 Jan 2015 11:31:38 -0800 

Tried that just now. I got the following error:

Syntax error on line 29 of /etc/apache2/sites-enabled/{redacted}:
SSLProtocol: Illegal protocol 'TLSv1.1'
Action 'configtest' failed.
The Apache error log may have more information.

Error log did not have more info (probably because it was only a config
test). Even if this worked however it would not likely be acceptable, as
SSLv2 and SSLv3 would need to be disabled for PCI compliance checking,
since their scanners cite them as vulnerable to exploits.

I believe I am using nearly the newest Apache packages, if not the
newest, for 12.04.5 LTS:

root@db3:~# dpkg-query --list apache2*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  apache2        2.2.22-1ubuntu Apache HTTP Server metapackage
un  apache2-common <none>         (no description available)
un  apache2-doc    <none>         (no description available)
un  apache2-mpm    <none>         (no description available)
un  apache2-mpm-ev <none>         (no description available)
un  apache2-mpm-it <none>         (no description available)
ii  apache2-mpm-pr 2.2.22-1ubuntu Apache HTTP Server - traditional non-threade
un  apache2-mpm-wo <none>         (no description available)
un  apache2-suexec <none>         (no description available)
un  apache2-suexec <none>         (no description available)
ii  apache2-utils  2.2.22-1ubuntu utility programs for webservers
ii  apache2.2-bin  2.2.22-1ubuntu Apache HTTP Server common binary files
ii  apache2.2-comm 2.2.22-1ubuntu Apache HTTP Server common files

root@db3:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1400473

Title:
  Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is
  vulnerable to BEAST attack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1400473/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to