Deprecated elliptic curves offered through TLS
Bug #2051379 reported by
Adrien Nader
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
erlang (Ubuntu) |
Fix Released
|
Undecided
|
Adrien Nader |
Bug Description
The TLS implementation in erlang uses the elliptic curves defined in RFC4492 but most of these have been obsoleted years ago by RFC8422. Moreover, some of the size of some of these is too small today.
There is a patch upstream at https:/
Related branches
~adrien/ubuntu/+source/erlang:remove-small-legacy-elliptic-curves
- Nick Rosbrook (community): Approve
- git-ubuntu import: Pending requested
- Ubuntu Sponsors: Pending requested
-
Diff: 128 lines (+86/-2)5 files modifieddebian/changelog (+6/-0)
debian/control (+2/-1)
debian/control.in (+2/-1)
debian/patches/remove-small-curves-462840f8e26d22ef9164ada13489b6b910a25189.patch (+73/-0)
debian/patches/series (+3/-0)
~adrien/ubuntu/+source/erlang:remove-small-legacy-elliptic-curves
Superseded
for merging
into
ubuntu/+source/erlang:ubuntu/devel
- Ubuntu Sponsors: Pending requested
- git-ubuntu import: Pending requested
-
Diff: 128 lines (+86/-2)5 files modifieddebian/changelog (+6/-0)
debian/control (+2/-1)
debian/control.in (+2/-1)
debian/patches/remove-small-curves-462840f8e26d22ef9164ada13489b6b910a25189.patch (+73/-0)
debian/patches/series (+3/-0)
Changed in erlang (Ubuntu): | |
status: | New → In Progress |
To post a comment you must log in.
This bug was fixed in the package erlang - 1:25.3. 2.8+dfsg- 1ubuntu1
--------------- 2.8+dfsg- 1ubuntu1) noble; urgency=medium
erlang (1:25.3.
* ssl: remove small and legacy elliptic curves (LP: #2051379)
-- Adrien Nader <email address hidden> Fri, 26 Jan 2024 17:43:30 +0100