Bug 45922 – Apache does not support SSLv3 anymore

Bug 45922 - Apache does not support SSLv3 anymore


Summary:	Apache does not support SSLv3 anymore

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Apache
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3
Assigned To:	Florian Best
QA Contact:	Philipp Hahn

URL:
Keywords:	interim-2

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-12-21 11:05 CET by Florian Best
Modified:	2018-03-14 14:38 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2017-12-21 11:05:05 CET

23_apache/20_ssl-protocols

[2017-12-20 08:21:32.107381] Create apache2/ssl/v3
[2017-12-20 08:21:32.266882] File: /etc/apache2/mods-available/ssl.conf
(2017-12-20 08:21:32.616225) AH00526: Syntax error on line 59 of /etc/apache2/mods-enabled/ssl.conf:


We should remove the UCR variable "apache2/ssl/v3".

Comment 1 Florian Best

2017-12-21 11:30:02 CET

UCR variable has been removed.

changelog-4.3-0.xml
9cd3a454c6b9 | Bug #45922: Changelog

ucs-test (8.0.1-1)
d56841314312 | Bug #45922: adjust test case 23_apache/20_ssl-protocols

univention-apache (10.0.0-4)
fbc35f745a00 | Bug #45922: remove UCR variable "apache2/ssl/v3".

Comment 2 Florian Best

2017-12-30 14:34:14 CET

The test case still fails because threre are parts which still check for SSLv3.

Comment 3 Florian Best

2018-01-18 13:26:34 CET

Hmm, even openssl s_client -tls1 doesn't work correctly anymore.

Comment 4 Florian Best

2018-01-22 21:08:13 CET

The output of openssl changed. There are new error messages:
"tlsv1 alert protocol version"
"write:errno=0"

changelog-4.3-0.xml
2d10dee30387 | Bug #45922: Changelog

ucs-test (8.0.16-8)
173391c784fa | Bug #45922: fix apache protocol tests
cb55c7a43734 | Bug #45922: SSLv3 is not supported anymore
61bcacb98b42 | Bug #45922: adjust test case 23_apache/20_ssl-protocols

univention-apache (10.0.0-4)
02af4729fb41 | Bug #45922: remove UCR variable "apache2/ssl/v3".

Comment 5 Philipp Hahn

2018-02-05 14:33:16 CET

OK: 2d10dee30387d66c3f17d98e41a353712f8e02fa Bug #45922: Changelog
OK: 02af4729fb4104665d9fe6fa738c046530f554bd Bug #45922: remove UCR variable "apache2/ssl/v3".
OK: 61bcacb98b4239faa2bd06740d55f57aa2361926 Bug #45922: adjust test case 23_apache/20_ssl-protocols
OK: cb55c7a437349bcc051bd69b98d01b2610018930 Bug #45922: SSLv3 is not supported anymore
OK: 173391c784faa4ca617f7a565a276d4dd61da34f Bug #45922: fix apache protocol tests

OK: git grep apache2/ssl/v3
OK: <http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/lastCompletedBuild/testReport/>
OK: dpkg-query -W univention-apache # 10.0.2-0A~4.3.0.201801311321

Comment 6 Stefan Gohmann

2018-03-14 14:38:18 CET

UCS 4.3 has been released:
 https://docs.software-univention.de/release-notes-4.3-0-en.html
 https://docs.software-univention.de/release-notes-4.3-0-de.html

If this error occurs again, please use "Clone This Bug".