The libanyevent-perl version 7.140-3 included a fix for this. It migrated to the then still testing (buster was not yet released) on 07.04.2019, and so we can safely revert this workaround again here.
Albeit this was fixed since Buster was officially released, still bump the version dependency to libanyevent-perl in debian/control. A future libanyevent-perl will use "ffdhe3072" for DH; another good reason to revert this, to not keep hardcoded parameters with possible (future) security implications here. [0]: https://tracker.debian.org/news/1037514/libanyevent-perl-7140-3-migrated-to-testing/ This reverts commit ea574439f76bb3914b8b8c0be8e40ee826c95afc. Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com> --- PVE/APIServer/AnyEvent.pm | 3 --- debian/control | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm index 9aba27d..539a156 100644 --- a/PVE/APIServer/AnyEvent.pm +++ b/PVE/APIServer/AnyEvent.pm @@ -591,9 +591,6 @@ sub proxy_request { sslv2 => 0, sslv3 => 0, verify => 1, - # be compatible with openssl 1.1, fix for debian bug #923615 - # remove once libanyeven-perl with this fix transitions to buster - dh => 'schmorp2048', verify_cb => sub { my (undef, undef, undef, $depth, undef, undef, $cert) = @_; # we don't care about intermediate or root certificates diff --git a/debian/control b/debian/control index a784039..b1409e4 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Homepage: https://www.proxmox.com Package: libpve-http-server-perl Architecture: all Depends: libanyevent-http-perl, - libanyevent-perl, + libanyevent-perl (>= 7.140-3), libcrypt-ssleay-perl, libhtml-parser-perl, libhttp-date-perl, -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
