Thanks Christian; I think we can probably close this due to "The
--cipher and --auth options are not negotiable, so I see less risk
there" in the upstream ticket. There's doubtless higher-priority things
to work on than preventing poor security configurations.
Thanks
** Changed in: openvpn (Ubunt
Thanks Merlijn for the link.
That means that 2.3.11 is fixed which in turn means >=Yakkety is fine.
Seth, what is the security Teams position on that for Xenial now?
** Also affects: openvpn (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: openvpn (Ubuntu Xenial)
Update:
Bug has been patched upstream:
https://community.openvpn.net/openvpn/ticket/673
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1567717
Title:
openvpn supports many cipher suites that it prob
Depending how we proceed with that we could also address #2 of bug
1379132
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1567717
Title:
openvpn supports many cipher suites that it probably shouldn't
Hi Seth,
I think you are right to to remove exploitable ciphers.
But then there is also the (bad) need of some to be able to connect e.g. legacy
systems.
I wouldn't mind so much about supporting the bad ciphers if one has to shoot
(configure) himself to get them.
The manpage isn't to shy what it
** Bug watch added: community.openvpn.net/openvpn/ #673
https://community.openvpn.net/openvpn/ticket/673
** Also affects: openvpn via
https://community.openvpn.net/openvpn/ticket/673
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a membe