Re: Re: Issue with 1.0.1d with Apache 2.2.23

Thu, 07 Feb 2013 06:53:37 -0800 


>---- Original Message ----
>From: Bruce Cran <br...@cran.org.uk>
>To: openssl-users@openssl.org
>Cc: "James" <ja...@nixsecurity.org>
>Sent: Thu, Feb 7, 2013, 9:48 AM
>Subject: Re: Issue with 1.0.1d with Apache 2.2.23
>
>On 07/02/2013 14:36, James wrote:
>>
>> Just an update, using a SSLCipherSuite in the SSL configuration file for 
>> Apache of RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 works fine. The ciphers 
>> we're using are 
>> DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:DES-CBC3-SHA:RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA:RC4-MD5:RC4-SHA
>>  which is where I see the issue. I suppose I'll have to go through each 
>> cipher to determine the culprit. If I'm on the wrong path here and should be 
>> posting to the Apache mailing list, let me know but as I've stated 
>> previously, OpenSSL 1.0.1c-FIPS works fine with our current cipher suite.
>
>This is probably the same bug that has been discussed recently - see
>"Major OpenSSL 1.0.1d regression from 1.0.1c" on openssl-dev and ticket
>2975 "Regression in OpenSSL 1.0.1d x86_64: Corrrupted data stream". From
>that ticket:
>
>"A serious regression was introduced in 1.0.1d that corrupts the data
>stream under certain circumstances.
>
>Firefox requests to an Apache server running on Linux/X86_64 with
>OpenSSL-1.0.1d result in "501 Server Error" responses.  OpenSSL versions
>1.0.1c and earlier are not affected.  i686 (32 bit) versions are also
>not affected."
>
>And a comment:
>
>"Stop gap measure for now is to revert commit 125093b59f3c
>
>We're looking into the proper fix."
>
>
>--
>Bruce Cran
>
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    openssl-users@openssl.org
>Automated List Manager                           majord...@openssl.org

Thank you - next time I have an issue I'll look at the bug tracker first.

James

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to