Package: proxytunnel
Version: 1.9.0+svn250-3
Severity: important

Hello,

proxytunnel is still using SSL v3 for its SSL connections (see pstream.c:157).

The protocol is now removed from the libssl package, due to CVE-2014-3566.

Consequently, proxytunnel is now useless with any updated server! Here is a
log from the Apache server for a proxytunnel connection:

[Wed Oct 29 22:19:53.053909 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH01964: Connection to child 0 established (server domain.tld:443)
[Wed Oct 29 22:19:53.054706 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH02008: SSL library error 1 in handshake (server domain.tld:443)
[Wed Oct 29 22:19:53.054800 2014] [ssl:info] [pid 28044] SSL Library Error: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol
[Wed Oct 29 22:19:53.054875 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH01998: Connection closed to child 0 with abortive shutdown (server domain.tld:443)




-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (90, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages proxytunnel depends on:
ii  libc6        2.19-12
ii  libssl1.0.0  1.0.1j-1

proxytunnel recommends no packages.

Versions of packages proxytunnel suggests:
pn  ssh  <none>

-- no debconf information
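
An added example, not part of the original report or of proxytunnel: a server operator who has disabled SSLv3 can find the clients that still offer only that protocol by pairing each AH02008 handshake error with the "SSL Library Error" line that follows it on the same pid, since that second line carries no client field. The function name and the 192.0.2.10 log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the report's four log lines (unwrapped), plus a made-up
# client (192.0.2.10) whose handshake fails for a different reason.
SAMPLE_LOG = """\
[Wed Oct 29 22:19:53.053909 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH01964: Connection to child 0 established (server domain.tld:443)
[Wed Oct 29 22:19:53.054706 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH02008: SSL library error 1 in handshake (server domain.tld:443)
[Wed Oct 29 22:19:53.054800 2014] [ssl:info] [pid 28044] SSL Library Error: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol
[Wed Oct 29 22:19:53.054875 2014] [ssl:info] [pid 28044] [client 192.168.0.254:44123] AH01998: Connection closed to child 0 with abortive shutdown (server domain.tld:443)
[Wed Oct 29 22:20:10.000001 2014] [ssl:info] [pid 28051] [client 192.0.2.10:50000] AH02008: SSL library error 1 in handshake (server domain.tld:443)
[Wed Oct 29 22:20:10.000002 2014] [ssl:info] [pid 28051] SSL Library Error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
"""

# Apache 2.4 error-log line: [time] [ssl:level] [pid N] [client ip:port]? message
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:\w+\] \[pid (?P<pid>\d+)\]"
    r"(?: \[client (?P<ip>[^\]]+):(?P<port>\d+)\])? (?P<msg>.*)$"
)


def unsupported_protocol_clients(log_text):
    """Return {client_ip: count} of handshakes rejected as 'unsupported protocol'."""
    pending = {}              # pid -> client of the latest AH02008 on that pid
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, ip, msg = m["pid"], m["ip"], m["msg"]
        if ip and msg.startswith("AH02008:"):
            pending[pid] = ip                      # handshake failed; reason follows
        elif ip is None and msg.startswith("SSL Library Error:"):
            client = pending.pop(pid, None)        # attribute reason to that client
            if client and "unsupported protocol" in msg:
                hits[client] += 1
        elif ip and msg.startswith("AH01998:"):
            pending.pop(pid, None)                 # connection closed, drop state
    return dict(hits)


if __name__ == "__main__":
    for client, count in unsupported_protocol_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} handshake(s) rejected as unsupported protocol")
```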

