Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Server Development (http://www.linux-archive.org/ubuntu-server-development/)
-   -   really drop SSLv2 (http://www.linux-archive.org/ubuntu-server-development/401410-really-drop-sslv2.html)

Scott Kitterman 07-19-2010 09:22 PM

really drop SSLv2
 
"Kees Cook" <kees@ubuntu.com> wrote:

>In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
>conclusion seemed favorable for it, and so it was attempted[2] in openssl
>0.9.8g-10.1ubuntu2 for Intrepid.
>
>Unfortunately, this change seems to have had no affect on the build, and
>SSLv2 has remained available. I would like to propose fixing this for real
>now, and documenting the change in the SSL man pages.
>
>I'd like to point out that even as far back as Dapper, GnuTLS has not
>supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.
>
>The attached debdiff would disallow the use of SSLv2 in any mode without
>wrecking the openssl library ABI.
>
>Thoughts?
>
>-Kees
>
>[1] https://lists.ubuntu.com/archives/ubuntu-server/2008-July/001976.html

Yes. Please. Make it die.

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Kees Cook 07-19-2010 10:06 PM

really drop SSLv2
 
Hi Laurent,

On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
> Le Mon, 19 Jul 2010 14:12:15 -0700,
> Kees Cook <kees@ubuntu.com> a écrit :
>
> > Thoughts?
>
> Shouldn't this be coordinated with Debian?

Yes, if there isn't strong objection in Ubuntu, my next step would be to
propose it to Debian as well.

-Kees

--
Kees Cook
Ubuntu Security Team

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Eric Peters 07-19-2010 10:09 PM

really drop SSLv2
 
Like Scott*said*make it die! But I*guarantee*it's going to break something, what that something is the question.
Cheers,Eric

On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook <kees@ubuntu.com> wrote:

Hi Laurent,



On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:

> Le Mon, 19 Jul 2010 14:12:15 -0700,

> Kees Cook <kees@ubuntu.com> a écrit :

>

> > Thoughts?

>

> Shouldn't this be coordinated with Debian?



Yes, if there isn't strong objection in Ubuntu, my next step would be to

propose it to Debian as well.



-Kees



--

Kees Cook

Ubuntu Security Team



--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam



--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam


All times are GMT. The time now is 07:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.