[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
** Changed in: haproxy (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
** Changed in: haproxy (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
>From RH Bug list: It appears the cause was identified and fixed in the latest haproxy upstream release, 1.5.7. From the release announcement on the haproxy mailing list: - John Leach reported an interesting bug in the way SSL certificates were loaded : if a certificate with an invalid subject (no parsable CN) is loaded as the first in the list, its context will not be updated with the bind line arguments, resulting in such a certificate to accept SSLv3 despite the "no-sslv3" keyword. That was diagnosed and fixed by Emeric. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
The issue seems to be caused by a self-signed cert we're using. A cert from a CA seems to work as expected. ** Attachment added: "ssl_cert.pem.orig.fixed" https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+attachment/4241193/+files/ssl_cert.pem.orig.fixed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
** Information type changed from Public to Public Security ** Tags added: poodle -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1383704] Re: Can't switch off SSLv3 cipher groups in haproxy
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1383704 Title: Can't switch off SSLv3 cipher groups in haproxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1383704/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs