Bug 1320455 (rhel7-openssl-no-ssl2)
| Summary: | Remove SSL 2.0 support to avoid supporting it for lifetime of RHEL-7 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Mraz <tmraz> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Stefan Dordevic <sdordevi> |
| Severity: | medium | Docs Contact: | Mirek Jahoda <mjahoda> |
| Priority: | high | ||
| Version: | 7.2 | CC: | bressers, mgrepl, nmavrogi, sdordevi, szidek |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openssl-1.0.2k-3.el7 | Doc Type: | Deprecated Functionality |
| Doc Text: |
The SSL 2.0 support is completely removed from OpenSSL
The SSL 2.0 protocol is severally broken and insecure, it was deprecated many years ago and it is not used anymore. Its support was already disabled by default. However to avoid inadvertent reenablement of the insecure protocol its support was removed completely. The OpenSSL library API calls that implement the protocol will permanently return error.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 18:16:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1335929, 1377248 | ||
|
Description
Tomas Mraz
2016-03-23 09:31:27 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1929 |