desktop-packages team mailing list archive

Thread
Date

[Bug 1526999] Re: cups is intolerant to TLS 1.2

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 17 Dec 2015 00:36:50 -0000
Reply-to: Bug 1526999 <1526999@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Curiously, I can't reproduce that. This is what I get:

$ openssl s_client -connect localhost:631
<snip>
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
<snip>


Please attach the output of "apt-cache policy libssl1.0.0" and your /etc/cups/cupsd.conf

Thanks!

** Information type changed from Private Security to Public Security

** Changed in: cups (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1526999

Title:
  cups is intolerant to TLS 1.2

Status in cups package in Ubuntu:
  Incomplete

Bug description:
  CUPS 1.7.2-0ubuntu1.7 on Ubuntu Trusty has a security problem where
  connections using TLS 1.2 will fail, forcing a TLS 1.1 retry

  === How to reproduce ====
  1. Connect to the cups server with HTTPS
  2. Check the security info

  or

  1. openssl s_client -connect localhost:631
  2. See the error
  3. openssl s_client -tls1_1 -connect localhost:631
  4. See no error

  TLS 1.1 is not the newest protocol version, and therefore this can be
  considered a security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1526999/+subscriptions