[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2020-09-23 Thread gstrauss
Fixed in lighttpd 1.4.29 release Jun 2011, over 9 years ago. https://redmine.lighttpd.net/issues/2246 ** Bug watch added: redmine.lighttpd.net/issues #2246 https://redmine.lighttpd.net/issues/2246 ** Changed in: lighttpd (Ubuntu) Status: Confirmed => Fix Released -- You received this

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2016-08-13 Thread BlueT - Matthew Lien - 練喆明
Bug still exist. Need a backport. @gstrauss Adding :!SSLv2:!SSLv3 with the cipher-list ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-A

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2016-06-29 Thread gstrauss
Solution: adjust ssl.cipher-list in lighttpd.conf See also https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/645002 Recommended reading: https://cipherli.st/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2015-11-30 Thread Mathew Hodson
** Changed in: lighttpd (Ubuntu) Importance: Undecided => Medium ** Tags added: precise ** Tags added: poodle -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1381910 Title: Workaround for CVE-201

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2014-12-16 Thread Mat Johns
Not sure if helps against the Ubuntu patchset; but as a Debian Squeeze user I've backported the required code from 1.4.29 to get this config working for me :) https://github.com/matjohns/squeeze-lighttpd-poodle ~Mat -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2014-11-06 Thread LeGreffier
Hello ; we'll need the same kind of backporting to 10.04. This is a very unusual problem as it's the protocol and not the program that's flawed. I don't know if it's planned too, and if it need a separate ticket. Pleaase advice. Thanks :) -- You received this bug notification because you are a

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2014-10-19 Thread Ryan Tucker
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3566 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1381910 Title: Workaround for CVE-2014-3566 (POODLE) required To manage noti

[Bug 1381910] Re: Workaround for CVE-2014-3566 (POODLE) required

2014-10-16 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lighttpd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1381910 Title: W