enterprise-support team mailing list archive

Thread
Date

[Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Tue, 17 Mar 2015 22:47:49 -0000
Reply-to: Bug 1400473 <1400473@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

While apache in Ubuntu 12.04 does support TLSv1.2, it doesn't allow
specifying the configuration options to selectively disable TLSv1.0.

The following commit needs to be backported:
https://svn.apache.org/viewvc?view=revision&revision=1445104


** Package changed: openssl (Ubuntu) => apache2 (Ubuntu)

** Summary changed:

- Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack
+ Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1400473

Title:
  Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions