Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2025-07-28 Thread Daniel Lewart
Control: tags 943415 patch Kurt, et al, On Thu, 17 Jul 2025 15:01:12 +0200, Kurt Roeckx wrote: > On Thu, Jul 17, 2025 at 01:23:30AM +0200, Vincent Lefevre wrote: > > Control: found -1 2.4.63-1 > > Control: found -1 2.4.64-1 > > Control: tags -1 security > > > > On 2023-11-15 13:32:32 +0100, David

Processed: Re: Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2025-07-28 Thread Debian Bug Tracking System
Processing control commands: > tags 943415 patch Bug #943415 [apache2] apache2: Disable TLS 1.0 and 1.1 by default Added tag(s) patch. -- 943415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943415 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2025-07-17 Thread Kurt Roeckx
On Thu, Jul 17, 2025 at 01:23:30AM +0200, Vincent Lefevre wrote: > Control: found -1 2.4.63-1 > Control: found -1 2.4.64-1 > Control: tags -1 security > > On 2023-11-15 13:32:32 +0100, David Prévot wrote: > > Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit : > > > I was expecting TLS

Processed: Re: Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2025-07-16 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.4.63-1 Bug #943415 [apache2] apache2: Disable TLS 1.0 and 1.1 by default Marked as found in versions apache2/2.4.63-1. > found -1 2.4.64-1 Bug #943415 [apache2] apache2: Disable TLS 1.0 and 1.1 by default Marked as found in versions apache2/2.4.64-1. > tag

Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2025-07-16 Thread Vincent Lefevre
Control: found -1 2.4.63-1 Control: found -1 2.4.64-1 Control: tags -1 security On 2023-11-15 13:32:32 +0100, David Prévot wrote: > Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit : > > I was expecting TLS 1.0 and 1.1 to be disabled > > Same here. Four years later, RFC 8996 (Depreca

Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2023-11-15 Thread David Prévot
Hi, Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit : > Package: apache2 > Version: 2.4.38-3 > > Hi, > > I was expecting TLS 1.0 and 1.1 to be disabled Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1) has been published and most clients have been updated, so

Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2019-10-24 Thread Kurt Roeckx
Package: apache2 Version: 2.4.38-3 Hi, I was expecting TLS 1.0 and 1.1 to be disabled, since that's the OpenSSL default. But it seems that apache2 always calls SSL_CTX_set_min_proto_version, with the lowest version that's enabled in the config file, even if the config file doesn't doesn't actuall