-ssl option doesn't work against modern cryptos
Bug #1433565 reported by
Elias Abacioglu
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
httperf (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Since the discovery of recent vulnerabilities httperf's SSL function has been rendered useless because it uses SSLv3 and SSLv3 is nowadays considered insecure/obsolete.
But there is a way to patch it so that it uses TLSv1 instead of SSLv3 when using the -ssl option in httperf.
I have attached a patch and was hoping that someone could package into the ubuntu releases of httperf.
To post a comment you must log in.
The attachment "httperf SSLv3 to TLSv1 patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]