← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #120644

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

  Thread PreviousDate PreviousThread Next 
** Description changed:

  This issue is present in Trusty and Precise with the stock main gnutls -
  https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-
  tls
  
  If I switch cups to use gnutls28-dev on 14.04 the issue appears to go
  away according to ssllabs.   My test case is cups with SSL on.
  
+ Reproduction Steps:
+ launch a new trusty VM 
+ sudo apt-get install cups 
+ Open /etc/cups/cupsd.conf and change just this one section 
+ ... 
+ # Only listen for connections from the local machine. 
+ #Listen localhost:631 
+ Listen /var/run/cups/cups.sock 
+ 
+ SSLPort 443 
+ SSLOptions None 
+ ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com 
+ ... 
+ Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/ 
+ 
+ 
  [1] http://pastebin.ubuntu.com/12970857/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1510163

Title:
  Poodle TLS1.0 issue in Trusty (and Precise)

Status in gnutls26 package in Ubuntu:
  New

Bug description:
  This issue is present in Trusty and Precise with the stock main gnutls
  - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-
  bites-tls

  If I switch cups to use gnutls28-dev on 14.04 the issue appears to go
  away according to ssllabs.   My test case is cups with SSL on.

  Reproduction Steps:
  launch a new trusty VM 
  sudo apt-get install cups 
  Open /etc/cups/cupsd.conf and change just this one section 
  ... 
  # Only listen for connections from the local machine. 
  #Listen localhost:631 
  Listen /var/run/cups/cups.sock 

  SSLPort 443 
  SSLOptions None 
  ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com 
  ... 
  Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/ 


  [1] http://pastebin.ubuntu.com/12970857/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163/+subscriptions

References

  Thread PreviousDate PreviousThread Next