Ubuntu
openssl package

  1. Bug #1376447
  2. Comment #2

Comment 2 for bug 1376447

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.18

---------------
openssl (1.0.1-4ubuntu5.18) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: remove cipher length limitation that was set to
    work around problematic servers when using TLSv1.2 back in 2012.
    (LP: #1376447)
    - Although TLSv1.2 is disabled for clients by default, forcing it
      enabled would truncate the cipher list, possibly removing important
      ciphers, and was also breaking secure renegotiations.
    - debian/patches/tls12_workarounds.patch: remove
      OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.
 -- Marc Deslauriers <email address hidden> Wed, 01 Oct 2014 16:15:14 -0400