[Quantal] Regression in TLS 1.2 workarounds
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenSSL |
Fix Released
|
Unknown
|
|||
openssl (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Quantal |
Fix Released
|
High
|
Unassigned |
Bug Description
openssl 1.0.1c-3ubuntu1 dropped almost all of debian/
However, the dropped pieces of tls12_workaroun
The change from TLS1_get_versions() to TLS1_get_
https:/
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.
Making this change fixes the problem (ssl3_client_
--- openssl-
+++ openssl-
@@ -491,7 +491,7 @@
- if (TLS1_get_
+ if (TLS1_get_
#endif
Related branches
description: | updated |
tags: | added: rls-q-incoming |
Changed in openssl: | |
status: | Unknown → Fix Released |
I haven't attached a debdiff because it still isn't clear to me if calling TLS1_get_ client_ version( ) is the correct thing to do here. We probably need to open an upstream bug and get their opinion. I am willing to do that tomorrow.