I can confirm that it does work as expected with package 1.14.0-0ubuntu1.3 from bionic-proposed. I tested on my personal site.
Before (1.2 and 1.3 work despite 1.3 not being explicitly enabled):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

# apt-get dist-upgrade
Calculating upgrade... Done
The following packages will be upgraded:
   libnginx-mod-http-geoip (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   libnginx-mod-http-image-filter (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   libnginx-mod-http-xslt-filter (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   libnginx-mod-mail (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   libnginx-mod-stream (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   nginx-common (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
   nginx-core (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)

After (only 1.2 works == bug fixed):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, (NONE), Cipher is (NONE)

After the update and manually enabling TLS 1.3 (1.2 and 1.3 work):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

** Tags removed: verification-failed-bionic verification-needed
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1836366

Title:
  [SRU] No Changes Rebuild in Bionic for OpenSSL compat reasons