Comment 71 for bug 965371

JDS (jsilveronnelly) wrote:

This bug still exists in 12.04. My understanding of the technical details of this bug is a bit shallow, so some of my questions, below, may reflect that.

It affects other libraries which use or are recompiled against this library.

In my case, I am having an issue with the OpenLDAP libs which suffer from a similar bug that affects the GnuTLS libs. In earlier versions of Ubuntu, I recompiled the libldap packages using OpenSSL libs. Now, that is no longer successful.

What can be done as a workaround on a firewall or other SSL-enabled service to make clients using this library work? Unfortunately, forcing ldapsearch to use TLSv1.0 is not a configurable option that I could find in either GnuTLS, OpenLDAP, or OpenSSL.

So, to sum up, my questions are:

1) Is there any hope of having this be fixed "properly", where "properly" follows the "don't break userspace" philosophy?
2) What workarounds are there on the server end? What, for example, would have to happen to make a broken server work? Why do some SSL-enabled services work and some don't?
3) *Is* there a way to configure client libs to force TLSv1.0? The OpenSSL s_client has a CLI option, but I'm asking what I can put in, say, /etc/ldap/ldap.conf or /opt/ssl/ssl.conf or the like to force this?

I'm happy to provide additional debugging data as requested.

Thank you,
JDS