[ubuntu/precise-updates] openssl 1.0.1-4ubuntu5.18 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Oct 2 16:58:13 UTC 2014
openssl (1.0.1-4ubuntu5.18) precise-security; urgency=medium
* SECURITY IMPROVEMENT: remove cipher length limitation that was set to
work around problematic servers when using TLSv1.2 back in 2012.
- Although TLSv1.2 is disabled for clients by default, forcing it
enabled would truncate the cipher list, possibly removing important
ciphers, and was also breaking secure renegotiations.
- debian/patches/tls12_workarounds.patch: remove
OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.
Date: 2014-10-01 21:09:12.776624+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes