Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1320455 - (rhel7-openssl-no-ssl2) Remove SSL 2.0 support to avoid supporting it for lifetime of RHEL-7
Remove SSL 2.0 support to avoid supporting it for lifetime of RHEL-7
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssl (Show other bugs)
7.2
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: Tomas Mraz
Stefan Dordevic
Mirek Jahoda
: FutureFeature
Depends On:
Blocks: 1377248 1335929
  Show dependency treegraph
 
Reported: 2016-03-23 05:31 EDT by Tomas Mraz
Modified: 2017-08-01 14:16 EDT (History)
5 users (show)

See Also:
Fixed In Version: openssl-1.0.2k-3.el7
Doc Type: Deprecated Functionality
Doc Text:
The SSL 2.0 support is completely removed from OpenSSL The SSL 2.0 protocol is severally broken and insecure, it was deprecated many years ago and it is not used anymore. Its support was already disabled by default. However to avoid inadvertent reenablement of the insecure protocol its support was removed completely. The OpenSSL library API calls that implement the protocol will permanently return error.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 14:16:10 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1929 normal SHIPPED_LIVE openssl bug fix and enhancement update 2017-08-01 14:08:01 EDT

  None (edit)
Description Tomas Mraz 2016-03-23 05:31:27 EDT 
We should completely remove the support for SSL 2.0 except for receiving SSLv2 client hellos on the server.

The support will not be compiled into the library. To avoid ABI break the SSL2 specific public functions will be kept but they will return an error.
Comment 5 errata-xmlrpc 2017-08-01 14:16:10 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1929
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.