Ubuntu
xchat package

xchat doesn't support TLS 1.x

Bug #1381777 reported by Peter Meiser
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
xchat (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Currently, Xchat uses SSLv3 only.

Please find attached a patch to enable TLS 1.x support. As SSLv3 is vulnerable (poodle security issue), I disabled SSLv2 and SSLv3.

Revision history for this message
Peter Meiser (meiser79) wrote :
Revision history for this message
Peter Meiser (meiser79) wrote :

And here a debdiff for Trusty.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your work, that seems like a change that should be upstream, can you do that?

Revision history for this message
Peter Meiser (meiser79) wrote :

I also reported it upstream. -> http://sourceforge.net/p/xchat/bugs/1598/

But the project seems dormant, that's why I'd like to ask you to include the patch in the Ubuntu package.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xchat (Ubuntu):
status: New → Confirmed
Revision history for this message
Sebastien Bacher (seb128) wrote :

bug #1381484 resolve part of the issue

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I have uploaded SRUs for precise and trusty as part of bug 1381484.

I am uncomfortable disabling SSLv3 completely at this time, the uploaded patch should enable xchat to automatically negotiate the best protocol.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.