Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 458204

Summary: dev-libs/openssl-1.0.1c - DESCRIPTION should mention TLSv1.1 and TLSv1.2
Product: Gentoo Linux Reporter: Walter <walter>
Component: [OLD] Core systemAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Walter 2013-02-19 00:58:08 UTC 
Given the recent TLS attack reviewed here http://www.schneier.com/blog/archives/2013/02/really_clever_t.html ... I was looking at what the deal was for OpenSSL, considering I just had to do lost of mask stuff to get an update done.

I discovered that Gentoo describes 1.0.1c as supporting TLSv1 whereas in fact it supports TLSv1.1 and partially TLSv1.2 according to http://www.openssl.org/news/news.html and http://stackoverflow.com/questions/12032623/about-tls-1-2-support-in-openssl

Reproducible: Always

Steps to Reproduce:
1. emerge --search dev-libs/openssl

Actual Results:  
See bad description claiming TLSv1 support.

Expected Results:  
See correct description with TLSv1/1.1/partial 1.2 support.


Considering the security impact around this package I think it should be resolved quickly.
Comment 1 SpanKY gentoo-dev 2013-04-27 10:50:45 UTC 
i'll just drop the version numbers entirely
Comment 2 SpanKY gentoo-dev 2013-04-27 11:06:31 UTC 
should be all set now in the tree; thanks for the report!

Commit message: Tweak DESCRIPTION to remove protocol version info to be lazy and avoid keeping it up-to-date
http://sources.gentoo.org/dev-libs/openssl/openssl-1.0.1e-r1.ebuild?rev=1.1