[ubuntu/precise] openssl 1.0.1-4ubuntu2 (Accepted)
cjwatson at canonical.com
Thu Apr 19 14:00:21 UTC 2012
openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low
* Backport more upstream patches to work around TLS 1.2 failures
- Do not use record version number > TLS 1.0 in initial client hello:
some (but not all) hanging servers will now work.
- Truncate the number of ciphers sent in the client hello to 50. Most
broken servers should now work.
- Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
* Don't re-enable TLS 1.2 client support by default yet, since more of the
sites listed in the above bug and its duplicates still fail if I do that
versus leaving it disabled.
Date: 2012-04-18 14:10:29.653840+00:00
Changed-By: Colin Watson <cjwatson at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes