First Last Prev Next    This bug is not in your last search results.
Bug 37906 - apache: SSL3 protocol attack (ES 3.1)
apache: SSL3 protocol attack (ES 3.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.1-ES
Assigned To: Janek Walkenhorst
Stefan Gohmann
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-02 09:34 CET by Moritz Muehlenhoff
Modified: 2015-09-03 12:58 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
3.1-apache.txt.asc (1.56 KB, text/plain)
2015-08-28 15:32 CEST, Janek Walkenhorst 		Details
3.1-apache.txt.asc (1.56 KB, text/plain)
2015-08-28 15:41 CEST, Janek Walkenhorst 		Details
3.1-univention-apache.txt.asc (1.57 KB, text/plain)
2015-08-28 16:05 CEST, Janek Walkenhorst 		Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-03-02 09:34:00 CET 
We should also fix this in 3.1

+++ This bug was initially created as a clone of Bug #36173 +++

We should raise the minimum TLS version used by Apache to 1.0

Browsers which don't even support TLS are incompatible with the UMC and every other web application offered in the App Center.
Comment 1 Janek Walkenhorst univentionstaff 2015-08-25 14:14:14 CEST 
Fixed in extsec3.1
Tests (i386): OK
Comment 2 Janek Walkenhorst univentionstaff 2015-08-28 15:32:00 CEST 
Created attachment 7138 [details]
3.1-apache.txt.asc
Comment 3 Janek Walkenhorst univentionstaff 2015-08-28 15:41:12 CEST 
Created attachment 7139 [details]
3.1-apache.txt.asc
Comment 4 Janek Walkenhorst univentionstaff 2015-08-28 16:05:38 CEST 
Created attachment 7142 [details]
3.1-univention-apache.txt.asc
Comment 5 Stefan Gohmann univentionstaff 2015-08-28 16:13:27 CEST 
Code review: OK

YAML: OK (3.1-univention-apache.txt.asc)

Tests: OK

wget --secure-protocol=SSLv2 https://$(hostname -f) --no-check-certificate; echo $?
wget --secure-protocol=SSLv3 https://$(hostname -f) --no-check-certificate; echo $?
wget https://$(hostname -f) --no-check-certificate; echo $?
Comment 6 Janek Walkenhorst univentionstaff 2015-09-03 12:58:43 CEST 
Published
First Last Prev Next    This bug is not in your last search results.