Still an issue in bionic after update today (2019-06-13). Setting
ssl.disable-client-renegotiation = "disable" in lighttpd.conf helps, but is not really a solution, because of CVE-2009-3555. lighttpd 1.4.45-1ubuntu3 libssl1.1 1.1.1-1ubuntu2.1~18.04.1 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3555 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800605 Title: lighttpd: "SSL: renegotiation initiated by client, killing connection" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1800605/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
