When forcing TLSv1.2, the cipher list is truncated
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssl (Ubuntu) | Invalid | Undecided | Unassigned | |
Precise | Fix Released | Undecided | Marc Deslauriers | |
Bug Description
Back in 2012, enabling TLSv1.2 would break connecting to certain servers. This was worked around in two ways in Ubuntu 12.04 LTS:
- OPENSSL_
- OPENSSL_
Although TLSv1.2 is disabled by default for clients, if it is forced, the cipher list gets truncated.
This will cause the following issues:
- Important ciphers may get dropped
- Secure renegotiation breaks
Ubuntu 14.04 LTS shipped with TLSv1.2 turned on by default, and two years later a lot of problematic equipment has been replaced or upgraded.
This is brought to our attention here:
https://twitter.com/andreasdotorg/status/517328756365873152
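An added example, not taken from the bug report or from OpenSSL: a check over a captured ClientHello that reports how many cipher suites the client offered and whether it still signals secure renegotiation as defined in RFC 5746 (the 0x00FF SCSV in the cipher list or the renegotiation_info extension). The sample records are constructed, the helper names are hypothetical, and placing the SCSV last in the list is an assumption of the sample.

```python
import struct

SCSV = 0x00FF        # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG = 0xFF01   # renegotiation_info extension type (RFC 5746)

def u16(buf, pos):
    return struct.unpack_from("!H", buf, pos)[0]

def parse_client_hello(record):
    """Return (client_version, cipher_suites, extension_types) for one TLS record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    msg = record[5:5 + u16(record, 3)]
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    version = u16(msg, 4)
    pos += 1 + msg[pos]                   # session_id
    n = u16(msg, pos)                     # cipher_suites length in bytes
    suites = [u16(msg, pos + 2 + i) for i in range(0, n, 2)]
    pos += 2 + n
    pos += 1 + msg[pos]                   # compression_methods
    exts = []
    if pos + 2 <= len(msg):               # extensions block is optional
        end = pos + 2 + u16(msg, pos)
        pos += 2
        while pos + 4 <= end:
            exts.append(u16(msg, pos))
            pos += 4 + u16(msg, pos + 2)
    return version, suites, exts

def audit(record):
    version, suites, exts = parse_client_hello(record)
    return {"tls12": version == 0x0303,
            "suite_count": len(suites),
            "signals_secure_renegotiation": SCSV in suites or EXT_RENEG in exts}

def build_hello(suites):
    """Constructed sample: minimal TLS 1.2 ClientHello without extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(msg)) + msg

# Constructed inputs; putting the SCSV last in the list is an assumption of this sample.
OFFERED = [0xC02F, 0xC030, 0x009C, 0x002F, SCSV]
FULL = build_hello(OFFERED)
CUT = build_hello(OFFERED[:3])            # same list cut short before the SCSV

if __name__ == "__main__":
    print("full:", audit(FULL))
    print("cut: ", audit(CUT))
```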