
enterprise-support team mailing list archive

[Bug 1615410] [NEW] Backport Apache #56241

 

Public bug reported:

Apache #56241 [1] patched Apache 2.2.30 and 2.4.10 to conform to the following RFC
change:

RFC 4366

   If the server understood the client hello extension but does not
   recognize the server name, it SHOULD send an "unrecognized_name"
   alert (which MAY be fatal).

RFC 6066 has changed this to

   If the server understood the ClientHello extension but
   does not recognize the server name, the server SHOULD take one of two
   actions: either abort the handshake by sending a fatal-level
   unrecognized_name(112) alert or continue the handshake.  It is NOT
   RECOMMENDED to send a warning-level unrecognized_name(112) alert,
   because the client's behavior in response to warning-level alerts is
   unpredictable.


Red Hat backported the patch in RHBA-2016:0140-1. [2]
AFAICS this patch has not been applied to 12.04 and possibly 14.04.
The NSS TLS 1.3 implementation now starts to treat `unrecognized_name` as fatal. [3]

In light of these developments, would the Ubuntu LTS Maintainers
please consider applying the aforementioned patch to the respective branches?

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56241
[2] https://rhn.redhat.com/errata/RHBA-2016-0140.html
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1296862

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1615410

Title:
  Backport Apache #56241

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1615410/+subscriptions
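
Added example, not part of the original bug report and not Apache or NSS code: a small Python check that parses the plaintext TLS records a server sent in reply to a ClientHello and reports whether `unrecognized_name(112)` arrived at warning level, at fatal level, or not at all. The function names and the sample byte strings are constructed for illustration.

```python
import struct

ALERT = 21                 # TLS record content type: alert
UNRECOGNIZED_NAME = 112    # alert description defined for the server_name extension
LEVELS = {1: "warning", 2: "fatal"}

def iter_records(data):
    """Yield (content_type, payload) for each complete TLS record in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop rather than misparse
        yield ctype, payload
        off += 5 + length

def sni_alert_behaviour(server_bytes):
    """Return 'warning-alert' (the level RFC 6066 says is NOT RECOMMENDED),
    'fatal-alert', or 'no-alert' (server continued the handshake)."""
    for ctype, payload in iter_records(server_bytes):
        if ctype != ALERT:
            continue
        # Each plaintext alert is two bytes: level, description.
        for i in range(0, len(payload) - 1, 2):
            level, desc = payload[i], payload[i + 1]
            if desc == UNRECOGNIZED_NAME:
                return LEVELS.get(level, "unknown") + "-alert"
    return "no-alert"

# Constructed samples (not captured traffic). The handshake record is a
# placeholder body, only there to show that non-alert records are skipped.
HANDSHAKE_STUB = b"\x16\x03\x03\x00\x04\x02\x00\x00\x00"
WARNING_THEN_HANDSHAKE = b"\x15\x03\x01\x00\x02\x01\x70" + HANDSHAKE_STUB
FATAL_ONLY = b"\x15\x03\x03\x00\x02\x02\x70"

if __name__ == "__main__":
    for name, blob in [("warning sample", WARNING_THEN_HANDSHAKE),
                       ("fatal sample", FATAL_ONLY),
                       ("handshake only", HANDSHAKE_STUB)]:
        print(name, "->", sni_alert_behaviour(blob))
```

Only alerts sent as plaintext records are visible to this check; it assumes the server's reply bytes were saved before any encryption keys were in use.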

