[SERVER-35064] OpenSSL Elliptic Curve Auto Negotiation Unsupported on RHEL 7 and Ubuntu 16.04

Created: 18/May/18 | Updated: 06/Dec/22 | Resolved: 14/Dec/18

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.6.4, 3.7.9 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Matt Lord (Inactive) | Assignee: | Backlog - Security Team |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Server Security |
| Operating System: | Linux |
| Description |
Linux distros that have been GA for some time, like RHEL 7 and Ubuntu 16.04, had to shoehorn TLS 1.2 support in later OS updates without breaking ABI compatibility. See RHEL 7 for example. The way this was done does not allow binaries built against the older ABI to enable curve auto negotiation for ECDHE ciphers in our "forward compatible" binaries--e.g. one RHEL7 binary supports 7.0-7.4. We will need to try and address this by, e.g.