2.0.8-1 is synced in Focal, closing that bug as well,
** Changed in: haproxy (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
This bug was fixed in the package haproxy - 1.8.8-1ubuntu0.6
---
haproxy (1.8.8-1ubuntu0.6) bionic; urgency=medium
* Fix issues around dh_params when building against openssl 1.1.1
to avoid regressing the minimal key size (LP: 1841936)
-
This bug was fixed in the package haproxy - 2.0.5-1ubuntu0.1
---
haproxy (2.0.5-1ubuntu0.1) eoan; urgency=medium
* Fix configurability of dh_params that regressed since building
against openssl 1.1.1 (LP: #1841936)
-
This bug was fixed in the package haproxy - 1.8.19-1ubuntu1.1
---
haproxy (1.8.19-1ubuntu1.1) disco; urgency=medium
* Fix configurability of dh_params that regressed since building
against openssl 1.1.1 (LP: #1841936)
-
Prior to Update:
E: DH group offered:RFC5114/2048-bit DSA group with 224-bit prime
order subgroup (2048 bits)
D: DH group offered:RFC5114/2048-bit DSA group with 224-bit prime
order subgroup (2048 bits)
B: DH group offered:HAProxy (1024 bits)
=> D+E on wrong
I have tested 1.8.8-1ubuntu0.6 (bionic) with our existing configuration,
and I cannot find anything wrong it.
We use the default 1024 bit DH-parameters, and override it with better
parameters for some of our frontends using parameters specified directly
in the certificate file (concatenated).
Hello David, or anyone else affected,
Accepted haproxy into eoan-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/haproxy/2.0.5-1ubuntu0.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Changed in: haproxy (Ubuntu Focal)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and
FYI - syncing 2.0.8 into Focal, which will cover this bug.
The SRU MPs are still up for review.
=> https://launchpad.net/ubuntu/+source/haproxy/2.0.8-1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I think I found the issue, retesting ...
Yes that was it, my mistake but fixed.
Now the Eoan/Focal branches behave as expected as well.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
Code and Builds for Versions D-F ready as well.
4 MPs are up and linked in here the bug (see below description)
1.8.8 and 1.8.19 work the same way.
I also picked the change from the 2.0 branch, for Eoan/Focal, but there testing
shows errors to load the dh file that the frontend defines like:
** Description changed:
[Impact-Bionic]
* openssl 1.1.1 has been backported to Bionic for its longer
support upstream period
* That would allow the extra feature of TLSv1.3 in some consuming
packages what seems "for free". Just with a no change rebuild it would
pick
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/haproxy/+git/haproxy/+merge/374595
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/haproxy/+git/haproxy/+merge/374596
--
You received this bug notification because you are a member
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/haproxy/+git/haproxy/+merge/374592
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
Rebuild openssl
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/haproxy/+git/haproxy/+merge/374589
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841936
Title:
Rebuild openssl
** Description changed:
- [Impact]
+ [Impact-Bionic]
* openssl 1.1.1 has been backported to Bionic for its longer
support upstream period
* That would allow the extra feature of TLSv1.3 in some consuming
packages what seems "for free". Just with a no change rebuild it would
16 matches
Mail list logo
