Hi,
thank you for your report and helping to make Ubuntu better.
it might be totally true that some issue affects the connectivity of
some browsers - like the one of the cellphone you mentioned. But I'd
question the test you used in regard to TLSv1 support.
But IIRC that list just means that by default it is using TLSv1.2.
This isn't some sort of regression (here Trusty):
lxc exec trusty-tests -- openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2
Also I can on Xenial just nicely connect via TLSv1, TLSv1.1 and TLSv1.2
openssl s_client -connect www.example.com:443 -tls1
CONNECTED(00000003)
[...]
Protocol : TLSv1
[...]
Verify return code: 0 (ok)
openssl s_client -connect www.example.com:443 -tls1_1
CONNECTED(00000003)
[...]
Protocol : TLSv1.1
[...]
Verify return code: 0 (ok)
openssl s_client -connect www.example.com:443 -tls1_2
CONNECTED(00000003)
[...]
Protocol : TLSv1.2
[...]
Verify return code: 0 (ok)
I'd expect that some part of your stack disabled TLSv1 and/or TLSv1.1
for security reasons as they are deprecated for quite some time now.
** Changed in: openssl (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1636124
Title:
openssl lacks support for TLSv1 and TLSv1.1
Status in openssl package in Ubuntu:
Incomplete
Bug description:
OpenSSL in xenial (16.04) apparently lacks ciphers for both TLSv1 and
TLSv1.1. This is causing problems, as my wife's mobile phone with an
older version of Android does not support TLSv1.2 and thus cannot
connect to my server running on 16.04 (Apache with mod_ssl).
Can you please rebuild OpenSSL with the secure ciphers from TLSv1 and
TLSv1.1 enabled?
For reference, this list should also include TLSv1 and TLSv1.1:
openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssl 1.0.2g-1ubuntu4.5
ProcVersionSignature: Ubuntu 4.4.0-45.66-generic 4.4.21
Uname: Linux 4.4.0-45-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Mon Oct 24 10:27:58 2016
InstallationDate: Installed on 2014-04-18 (919 days ago)
InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64
(20140416.2)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: Upgraded to xenial on 2016-07-30 (86 days ago)
modified.conffile..etc.ssl.openssl.cnf: [modified]
mtime.conffile..etc.ssl.openssl.cnf: 2015-06-05T16:54:36.431443
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1636124/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
