Committer: Package Import Robot
Author(s): Colin Watson
Date: 2012-04-18 15:03:56 UTC
mfrom: (75.1.2 openssl)
Revision ID: package-import@ubuntu.com-20120418150356-rvzjdn3cbql0z1hs
Tags: 1.0.1-4ubuntu2

* Backport more upstream patches to work around TLS 1.2 failures
  (LP #965371):
  - Do not use record version number > TLS 1.0 in initial client hello:
    some (but not all) hanging servers will now work.
  - Truncate the number of ciphers sent in the client hello to 50. Most
    broken servers should now work.
  - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
* Don't re-enable TLS 1.2 client support by default yet, since more of the
  sites listed in the above bug and its duplicates still fail if I do that
  versus leaving it disabled.
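
An added example, not part of this commit or of OpenSSL: a small parser that checks a captured ClientHello for the two client-side conditions the changelog works around (a record-layer version above TLS 1.0 and more than 50 cipher suites). The function names, the sample hellos and their cipher suite values are constructed for illustration.

```python
import struct

TLS1_0 = 0x0301
MAX_CIPHERS = 50  # truncation limit named in the changelog

def build_client_hello(record_version, client_version, suites):
    """Build a minimal ClientHello record (constructed sample, no extensions)."""
    body = struct.pack("!H", client_version) + bytes(32)    # version + random
    body += b"\x00"                                          # empty session id
    body += struct.pack("!H", 2 * len(suites))               # suite list length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake header
    return b"\x16" + struct.pack("!HH", record_version, len(hs)) + hs

def parse_client_hello(data):
    """Return (record_version, client_version, cipher_suites)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    hs = data[5:5 + rec_len]
    if ctype != 0x16 or len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello record")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello body")
    client_ver = int.from_bytes(body[:2], "big")
    pos = 35 + body[34]                  # skip version, random and session id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    cs = body[pos + 2:pos + 2 + cs_len]
    if pos + 2 > len(body) or cs_len % 2 or len(cs) != cs_len:
        raise ValueError("bad cipher suite list")
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return rec_ver, client_ver, suites

def interop_findings(data):
    """List which of the two changelog conditions a ClientHello still shows."""
    rec_ver, _, suites = parse_client_hello(data)
    findings = []
    if rec_ver > TLS1_0:
        findings.append("record version > TLS 1.0")
    if len(suites) > MAX_CIPHERS:
        findings.append("more than 50 cipher suites")
    return findings

# Constructed samples: a TLS 1.2 hello without and with the two workarounds.
BEFORE = build_client_hello(0x0303, 0x0303, list(range(1, 81)))
AFTER = build_client_hello(0x0301, 0x0303, list(range(1, 51)))
```

Running `interop_findings` over the first record of a capture from a client built with this revision should return an empty list; the third changelog item concerns the negotiated version and is not checked here.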