Ubuntu
lighttpd package

Error after openssl update

Bug #645002 reported by Klaus Purer on 2010-09-22
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Triaged
High
Unassigned
Nominated for Karmic by Klaus Purer
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Binary package hint: lighttpd

After the recent openssl update (0.9.8g-16ubuntu3.1 to 0.9.8g-16ubuntu3.2) lighttpd does not start anymore. Error message:

# /etc/init.d/lighttpd start
Syntax OK
 * Starting web server lighttpd 2010-09-22 10:27:46: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)

Ubuntu 9.10 Karmic
lighttpd package version: 1.4.22-1ubuntu4

Klaus Purer (klausi) wrote :

workaround from https://bugzilla.redhat.com/show_bug.cgi?id=577546#c1

set
ssl.use-sslv2 = "enable"

in the appropriate places in the config. This will enable SSLv2, but you can
prevent actual working SSLv2 negotiation by massaging the cipher list, for
example like this:

ssl.cipher-list = "TLSv1+HIGH RC4+MEDIUM !SSLv2 !3DES !aNULL @STRENGTH"

Daniel Hahler (blueyed) wrote :

Upstream patch: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2716
Upstream bug: http://redmine.lighttpd.net/issues/2157

Changed in lighttpd (Ubuntu):
status: New → Triaged
importance: Undecided → High
tags: added: patch
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.