Bug#740160: gnutls unusable with cacert SHA2-512 sigs

Desai, Jason jason.desai at saabusa.com
Thu Oct 23 03:45:55 UTC 2014


I ran into this bug too - not fun.  I was not able to find a workaround until I started investigating how to disable SSLv3 to protect against POODLE.  Since it seems that the issue is with TLS 1.2 and SHA512, I think you can disable the TLS 1.2 protocol altogether as a workaround until this gets fixed properly.  Don't forget to disable SSLv3 while you're at it.  For exim, you can do:

tls_require_ciphers = NORMAL:-VERS-SSL3.0:-VERS-TLS1.2

For openldap, you can do:

TLS_CIPHER_SUITE NORMAL:-VERS-SSL3.0:-VERS-TLS1.2

Hope this helps!

Jason
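Added example, not part of Jason's message or of the gnutls project: a small Python model of how GnuTLS priority-string modifiers ('+', '-', '!') change the set of enabled protocol versions, so the two strings above can be checked before they are rolled out, and so the side effect of the workaround (no TLS 1.2 at all, not just no SHA-512 signatures) is visible. It assumes, as a labelled simplification, that the NORMAL/SECURE keywords enable SSL3.0 through TLS1.2 as they did in GnuTLS releases of that time; the real library resolves many more keyword types and its defaults have since changed, so confirm on the actual host with `gnutls-cli -l --priority '<string>'`.

```python
"""Model which protocol versions a GnuTLS priority string leaves enabled.

Constructed illustration, not GnuTLS code.  Only VERS-* keywords are
modelled; cipher, MAC and key-exchange keywords are accepted and ignored.
"""
from typing import Dict, Set

ALL_VERSIONS = ("VERS-SSL3.0", "VERS-TLS1.0", "VERS-TLS1.1", "VERS-TLS1.2")
TLS_VERSIONS = ("VERS-TLS1.0", "VERS-TLS1.1", "VERS-TLS1.2")

# Assumption: what each initial keyword enabled in GnuTLS of that era.
BASE_VERSIONS: Dict[str, Set[str]] = {
    "NORMAL": set(ALL_VERSIONS),
    "SECURE128": set(ALL_VERSIONS),
    "SECURE256": set(ALL_VERSIONS),
    "NONE": set(),
}

# Group keywords expanded by this model (assumed aliases).
GROUPS: Dict[str, Set[str]] = {
    "VERS-ALL": set(ALL_VERSIONS),
    "VERS-TLS-ALL": set(TLS_VERSIONS),
}


def enabled_versions(priority: str) -> Set[str]:
    """Return the protocol versions left enabled after applying all modifiers in order."""
    keywords = priority.strip().split(":")
    base = keywords[0].upper()
    if base not in BASE_VERSIONS:
        raise ValueError("unknown initial keyword: %r" % keywords[0])
    enabled = set(BASE_VERSIONS[base])

    for kw in keywords[1:]:
        if not kw:
            continue
        op, name = kw[0], kw[1:].upper()
        if op not in "+-!":
            raise ValueError("modifier must start with +, - or !: %r" % kw)
        if not name.startswith("VERS-"):
            continue  # cipher/MAC/KX keyword: outside this model
        if name in GROUPS:
            targets = GROUPS[name]
        elif name in ALL_VERSIONS:
            targets = {name}
        else:
            raise ValueError("unknown protocol keyword: %r" % kw)
        if op == "+":
            enabled |= targets
        else:  # '-' and '!' both remove in this model
            enabled -= targets
    return enabled


def workaround_report(priority: str) -> Dict[str, object]:
    """Summarise what the string disables, so the trade-off is explicit in a change ticket."""
    enabled = enabled_versions(priority)
    return {
        "enabled": sorted(enabled),
        "sslv3_disabled": "VERS-SSL3.0" not in enabled,
        "tls12_disabled": "VERS-TLS1.2" not in enabled,
        # Empty protocol set would make every handshake fail.
        "usable": bool(enabled),
    }


if __name__ == "__main__":
    for s in ("NORMAL:-VERS-SSL3.0:-VERS-TLS1.2", "NORMAL:-VERS-SSL3.0"):
        print(s, "->", workaround_report(s))
```

The report makes the cost of the workaround explicit: the string from the message removes SSL 3.0 (the POODLE mitigation) but also every TLS 1.2 feature, which is why it is worth recording in the change ticket and reverting once the fixed gnutls package is installed. The model applies modifiers strictly left to right, as GnuTLS does, so "NORMAL:!VERS-TLS-ALL:+VERS-TLS1.2" ends with TLS1.2 re-enabled.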
