-ssl option doesn't work against modern cryptos
Bug #1433565 reported by
Elias Abacioglu
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| httperf (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Since the discovery of recent vulnerabilities httperf's SSL function has been rendered useless because it uses SSLv3 and SSLv3 is nowadays considered insecure/obsolete.
But there is a way to patch it so that it uses TLSv1 instead of SSLv3 when using the -ssl option in httperf.
I have attached a patch and was hoping that someone could package into the ubuntu releases of httperf.
Revision history for this message
| Elias Abacioglu (raboo) wrote | #1 |
Revision history for this message
| Ubuntu Foundations Team Bug Bot (crichton) wrote | #2 |
| tags: | added: patch |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in httperf (Ubuntu): | |
| status: | New → Confirmed |
To post a comment you must log in.
The attachment "httperf SSLv3 to TLSv1 patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]