Bug 577546
Summary: | Updated openssl package breaks lighttpd running SSL because of upstream bug #2157 | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Wouter de Jong <wouter> |
Component: | lighttpd | Assignee: | Matthias Saou <matthias> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | el5 | CC: | fedora-packaging2, matthias, opensource, redhat-bugzilla, tremble |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-09-20 08:40:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Wouter de Jong
2010-03-27 23:11:01 UTC
Workaround: set ssl.use-sslv2 = "enable" in the appropriate places in the config. This will enable SSLv2, but you can prevent actual working SSLv2 negotiation by massaging the cipher list, for example like this: ssl.cipher-list = "TLSv1+HIGH RC4+MEDIUM !SSLv2 !3DES !aNULL @STRENGTH" I got bitten by this too. Thanks for the work-around. I've rebuilt 1.4.26 with the fix, it should appear in EPEL testing soon. I've updated on many production servers and it's been working fine for me so far. lighttpd 0:1.4.26-2.el5 fixed this bug for me Indeed fixed, thank you :) lighttpd-1.4.26-2.el5 is now in the main EPEL repos, since Wouter de Jong reports this version as having fixed his problem I'm closing the ticket off. |