Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important
The last "security update" completely broke SSL/SNI. Before the update, SSL and SNI worked fine, but after the update, no more SSL-connections are possible! Trying to connect to the lighttpd with SSL results in timeouts (Firefox reports "The connection was interrupted" after some time, wget times out with "Unable to establish SSL connection."). The only message I could find in the logfiles, was: "(connections.c.277) SSL: -1 5 32 Broken pipe" -- System Information: Debian Release: 6.0.8 Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lighttpd depends on: ii libattr1 1:2.4.46-8 Extended attribute shared library ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libfam0 2.7.0-17 Client library to control the FAM ii libldap-2.4-2 2.4.23-7.3 OpenLDAP libraries ii libpcre3 1:8.30-5 Perl 5 Compatible Regular Expressi ii libssl1.0.0 1.0.1e-2 SSL shared libraries ii libterm-readline-perl- 1.0303-1 Perl implementation of Readline li ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap ii perl 5.10.1-17squeeze6 Larry Wall's Practical Extraction ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages lighttpd recommends: pn spawn-fcgi <none> (no description available) Versions of packages lighttpd suggests: pn apache2-utils <none> (no description available) ii openssl 1.0.1e-2 Secure Socket Layer (SSL) binary a pn rrdtool <none> (no description available) -- Configuration Files: /etc/lighttpd/lighttpd.conf changed [not included] /etc/logrotate.d/lighttpd changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
