** Tags added: bionic-openssl-1.1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage notifications about this bug go to:
https://bugs.launchpad
This bug was fixed in the package lighttpd - 1.4.45-1ubuntu3.18.04
---
lighttpd (1.4.45-1ubuntu3.18.04) bionic; urgency=medium
* Cherrypick and rebase upstream patch to disable client renegotiation
with TLSv1.3 connections. LP: #1832295
-- Dimitri John Ledkov Mon, 24 Jun 201
This bug was fixed in the package lighttpd - 1.4.45-1ubuntu3.18.10
---
lighttpd (1.4.45-1ubuntu3.18.10) cosmic; urgency=medium
* Cherrypick and rebase upstream patch to disable client renegotiation
with TLSv1.3 connections. LP: #1832295
-- Dimitri John Ledkov Mon, 24 Jun 201
The version in proposed works for me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage notifications about this bug go to:
https://bugs.launc
Reproducing on cosmic:
# dpkg-query -W lighttpd
lighttpd1.4.45-1ubuntu3
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem
https://composed-cattle.lxd &>/dev/null && echo Pass || echo Fail
Fail
# sed 's/-updates/-proposed/' -i /etc/apt/sources.list
# apt update
# apt install lighttpd
Reproducing on bionic:
# dpkg-query -W lighttpd
lighttpd1.4.45-1ubuntu3
# curl --cacert /etc/ssl/certs/ssl-cert-snakeoil.pem
https://diverse-basilisk.lxd &>/dev/null && echo Pass || echo Fail
Fail
# sed 's/-updates/-proposed/' -i /etc/apt/sources.list
# apt update
# apt install lighttpd
#
Hello Jim, or anyone else affected,
Accepted lighttpd into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/lighttpd/1.4.45-1ubuntu3.18.04 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
htt
** Description changed:
-
[Impact]
- * TLSv1.3 (which is enabled by default) connections are getting killed
+ * TLSv1.3 (which is enabled by default) connections are getting killed
instead of succeeding negotiation.
[Test Case]
- * Create lighttpd server, attempt to connect via
** Changed in: lighttpd (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage notifications about
Fix released in Disco and Eoan.
Affected series are Bionic and Cosmic.
** Also affects: lighttpd (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: lighttpd (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Changed in: lighttpd (Ubuntu Bionic)
Importanc
> Temporary solution is to define `ssl.disable-client-renegotiation = "disable"`
> But it's not safe.
Actually that should be the new default. Client-renegotiation is no
longer supported at all, and shouldn't be neither offered or accepted.
--
You received this bug notification because you are a
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage notifications about this bug go to:
https://bugs.launchpad.
** Changed in: lighttpd (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage notifications about th
Got that issue too.
All site using https were down.
Temporary solution is to define `ssl.disable-client-renegotiation = "disable"`
But it's not safe.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832
To eliminate further downtime, I built/installed lighttpd 1.4.54 which
resolved the problem.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage
Simply rebuilding the source deb against the new libraries isn't enough
to make it work.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
lighttpd broken by OpenSSL update
To manage not
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lighttpd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832295
Title:
l
A Debian bug suggests that lighttpd < 1.4.51 is broken by libssl 1.1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558
** Bug watch added: Debian Bug tracker #913558
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558
--
You received this bug notification because you are a memb
18 matches
Mail list logo
