531644 – www-client/chromium-39.*: append --ssl-version-min=tls1 to prevent POODLE bug

Bug 531644 - www-client/chromium-39.*: append --ssl-version-min=tls1 to prevent POODLE bug

Summary: www-client/chromium-39.*: append --ssl-version-min=tls1 to prevent POODLE bug

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Chromium Project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-12-04 10:32 UTC by Pacho Ramos
Modified:	2015-01-26 14:33 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pacho Ramos gentoo-dev

2014-12-04 10:32:40 UTC

If I don't misremember, chromium will disable SSLv3 by default from 40.x versions... but as we are still with 39.x versions for "stable" tree, maybe would be interesting to append --ssl-version-min=tls1 to our "chromium" script that launches the browser as suggested in:
https://access.redhat.com/solutions/1232333

What do you think?

Thanks!

Comment 1 Mike Gilbert gentoo-dev

2014-12-11 15:25:59 UTC

I would prefer to just wait until 40.x is promoted to the stable channel.

Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2015-01-26 14:33:54 UTC

(In reply to Mike Gilbert from comment #1)
> I would prefer to just wait until 40.x is promoted to the stable channel.

chromium-40.0.2214.91 is stable now.

FWIW upstream tracking bug for poodle is https://code.google.com/p/chromium/issues/detail?id=419870