Skip Menu |

This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 116023
Status: rejected
Priority: 0/
Queue: Crypt-SSLeay
People
Owner: nanis [...] runu.moc.invalid
Requestors: JUSTNOXX [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.72
Fixed in: (no value)

History Show all quoted text
  Sun Jul 10 05:18:12 2016 JUSTNOXX [...] cpan.org - Ticket created
Found a segmentation fault on windows system with OpenSSL-1.0.1-t. After rollback to OpenSSL-1.0.1-L everything is works fine. Issue could be reproduced with the following code: perl -MCrypt::SSLeay::CTX -e 'Crypt::SSLeay::CTX->new(2);" We found it when we tried to http get via LWP::UserAgent our old server, which has SSLv2.0 only. Our perl is 5.8.9.
  Mon Apr 03 16:47:56 2017 nanis [...] runu.moc.invalid - Correspondence added
On Sun Jul 10 05:18:12 2016, JUSTNOXX wrote: Show quoted text
> We found it when we tried to http get via LWP::UserAgent our old > server, which has SSLv2.0 only. Our perl is 5.8.9.
Please note: If you look at <https://www.openssl.org/news/changelog.html> and search for "SSLv2" on the page, you'll note that recent versions of OpenSSL disable SSLv2. For example: *) SSLv2 support has been removed. It still supports receiving a SSLv2 compatible client hello. [Kurt Roeckx] You may have to stick with old versions of libraries or bring the server up to date. Your current setup might be vulnerable. HTH, -- Sinan
  Mon Apr 03 16:47:56 2017 The RT System itself - Status changed from 'new' to 'open'
  Mon Apr 03 16:48:01 2017 nanis [...] runu.moc.invalid - Status changed from 'open' to 'rejected'
  Mon Apr 03 16:48:01 2017 nanis [...] runu.moc.invalid - Taken