[ubuntu/precise] openssl 1.0.1-4ubuntu2 (Accepted)

Colin Watson cjwatson at canonical.com
Thu Apr 19 14:00:21 UTC 2012

openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low

  * Backport more upstream patches to work around TLS 1.2 failures
    (LP #965371):
    - Do not use record version number > TLS 1.0 in initial client hello:
      some (but not all) hanging servers will now work.
    - Truncate the number of ciphers sent in the client hello to 50.  Most
      broken servers should now work.
    - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
  * Don't re-enable TLS 1.2 client support by default yet, since more of the
    sites listed in the above bug and its duplicates still fail if I do that
    versus leaving it disabled.

Date: 2012-04-18 14:10:29.653840+00:00
Changed-By: Colin Watson <cjwatson at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list