Hi, I ran testssl 2.9.5-8 using OpenSSL 1.1.1d against one of my machines and it reports this vulnerability and also LOGJAM. Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224) not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session tickets Secure Renegotiation (CVE-2009-3555) VULNERABLE (NOT ok) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK) SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=ABB231A84918A841E338895526018635D982CA9D56F9AE89ABAD75D938AE3883 could help you to find out LOGJAM (CVE-2015-4000), experimental VULNERABLE (NOT ok): common prime RFC2409/Oakley Group 2 detected (1024 bits), but no DH EXPORT ciphers BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA CAMELLIA128-SHA VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) I will shift from gnutls for the moment to see if that is the underlying cause. Why apr-util was compiled without openssl, I do not know ... well I do, I had USE="ssl gnutls -openssl" set in make.conf. I will recompile apps ensuring +openssl and -gnutls, will see what happens. Here is my current setup, whether it is apache-openssl-gnutls issue I do not know. [ebuild R ] dev-libs/apr-util-1.6.1-r3:1::gentoo USE="berkdb gdbm mysql sqlite -doc -ldap -libressl -nss -odbc -openssl -postgres -static-libs" 0 KiB [ebuild R ] www-servers/apache-2.4.41:2::gentoo USE="gdbm (split-usr) ssl suexec suexec-caps threads -debug -doc -ldap -libressl (-selinux) -static -suexec-syslog" APACHE2_MODULES="alias auth_basic auth_digest authn_core authz_core authz_host authz_user autoindex cache cgi cgid charset_lite deflate dir env expires file_cache filter headers ident imagemap include info log_config log_forensic mime mime_magic negotiation remoteip rewrite setenvif socache_shmcb status unixd userdir usertrack vhost_alias -access_compat -actions -asis -auth_form -authn_alias -authn_anon -authn_dbd -authn_dbm -authn_file -authn_socache -authz_dbd -authz_dbm -authz_groupfile -authz_owner -brotli -cache_disk -cache_socache -cern_meta -dav -dav_fs -dav_lock -dbd -dumpio -ext_filter -http2 -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -logio -macro -md -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_html -proxy_http -proxy_http2 -proxy_scgi -proxy_wstunnel -ratelimit -reqtimeout -session -session_cookie -session_crypto -session_dbd -slotmem_shm -speling -substitute -unique_id -version -watchdog -xml2enc" APACHE2_MPMS="-event -prefork -worker" 0 KiB [ebuild R ] dev-libs/openssl-1.1.1d-r3:0/1.1::gentoo USE="asm sslv3 zlib -bindist -rfc3779 -sctp -static-libs -test -tls-heartbeat -vanilla" CPU_FLAGS_X86="(sse2)" 0 KiB [ebuild R ] net-libs/gnutls-3.6.7-r1:0/30::gentoo USE="cxx idn nls seccomp sslv2 sslv3 -dane -doc -examples -guile -openssl -pkcs11 -static-libs -test (-test-full) -tls-heartbeat -tools -valgrind" 0 KiB Could it be caused by APACHE2_MODULES missing the session related options (and be that a false alarm from testssl)? I am not including emerge --info as I already started the updates, sorry, too late.
Here is the info after some recompiles and updates, at least the platform hasn't changed. # emerge --info Portage 2.3.79 (python 2.7.15-final-0, default/linux/amd64/17.0/no-multilib/hardened, gcc-8.3.0, glibc-2.29-r7, 5.0.7 x86_64) ================================================================= System uname: Linux-5.0.7-x86_64-Intel-R-_Xeon-R-_CPU_E5-2630_0_@_2.30GHz-with-gentoo-2.6 KiB Mem: 2045212 total, 1049344 free KiB Swap: 556028 total, 552956 free Timestamp of repository gentoo: Fri, 20 Dec 2019 22:30:01 +0000 Head commit of repository gentoo: 7c16ad6e181ac72bc15ad81ff394e8d52858ba04 sh bash 4.4_p23-r1 ld GNU ld (Gentoo 2.32 p2) 2.32.0 app-shells/bash: 4.4_p23-r1::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.15::gentoo, 3.5.5::gentoo, 3.6.5::gentoo dev-util/cmake: 3.9.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.41.2::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.11.6::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo sys-devel/binutils: 2.31.1-r4::gentoo, 2.32-r1::gentoo sys-devel/gcc: 8.3.0-r1::gentoo sys-devel/gcc-config: 2.1::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 4.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-jobs: 1 sync-rsync-verify-metamanifest: yes sync-rsync-extra-opts: sync-rsync-verify-max-age: 24 x-portage location: /usr/local/portage masters: gentoo priority: 0 science location: /var/lib/layman/science masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE dlj-1.1 sun-bcla-java-vm Oracle-BCLA-JavaSE IBM-J1.6 skype-eula Nero-EULA-US AdobeFlash-10.3 skype-4.0.0.7-copyright AdobeFlash-11.x intel-ucode unRAR linux-firmware freedist arj" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=x86-64" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.3/ext-active/ /etc/php/cgi-php7.3/ext-active/ /etc/php/cli-php7.3/ext-active/ /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=x86-64" DISTDIR="/usr/portage/distfiles" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.utf8" LC_ALL="en_US" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_US en_GB cs cz" MAKEOPTS="-j1" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/tmp" USE="X amd64 apache apache2 berkdb blake2 bzip2 cairo cgi cli cracklib crypt cryptlib cxx dbus device-mapper dhcp emboss fontconfig fortran gbm gd gdbm geoip gpm hardened iconv innodb ipv6 java jce jpeg jpg keymap ladspa lapack lcms libnotify libtirpc lz4 lzma lzo mmx mysql mysqli ncurses nfs nls nptl nptlonly openssl pam pcre pdf perl php pie png python readline resolvconf seccomp server session spf split-usr sqlite sse sse2 ssl sslv2 sslv3 ssp suexec svg syslog tcpd threads tiff truetype udev unicode usb vhosts vim-syntax x11 xattr xml xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="alias authz_host authz_user auth_basic auth_digest authn_core authz_core autoindex cgi cgid deflate dir env expires filter headers ident include info imagemap mem_cache mime mime_magic negotiation remoteip setenvif socache_shmcb status userdir vhost_alias rewrite usertrack cache file_cache disk_cache charset_lite log_config log_forensic unixd session session_cookie session_crypto xml2enc" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4a" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php-7.3" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
The reinstalls finished, I rebooted the server and re-tested. The issue persits with apr-util[+openssl]. # emerge --info Portage 2.3.79 (python 2.7.17-final-0, default/linux/amd64/17.0/no-multilib/hardened, gcc-8.3.0, glibc-2.29-r7, 5.0.7 x86_64) ================================================================= System uname: Linux-5.0.7-x86_64-Intel-R-_Xeon-R-_CPU_E5-2630_0_@_2.30GHz-with-gentoo-2.6 KiB Mem: 2045212 total, 1520168 free KiB Swap: 556028 total, 556028 free Timestamp of repository gentoo: Fri, 20 Dec 2019 22:30:01 +0000 Head commit of repository gentoo: 7c16ad6e181ac72bc15ad81ff394e8d52858ba04 sh bash 4.4_p23-r1 ld GNU ld (Gentoo 2.32 p2) 2.32.0 app-shells/bash: 4.4_p23-r1::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.17::gentoo, 3.5.5::gentoo, 3.6.9::gentoo dev-util/cmake: 3.14.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.41.2::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.11.6::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo sys-devel/binutils: 2.31.1-r4::gentoo, 2.32-r1::gentoo sys-devel/gcc: 8.3.0-r1::gentoo, 9.2.0-r2::gentoo sys-devel/gcc-config: 2.1::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 4.19::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-jobs: 1 sync-rsync-verify-metamanifest: yes sync-rsync-extra-opts: sync-rsync-verify-max-age: 24 x-portage location: /usr/local/portage masters: gentoo priority: 0 science location: /var/lib/layman/science masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE dlj-1.1 sun-bcla-java-vm Oracle-BCLA-JavaSE IBM-J1.6 skype-eula Nero-EULA-US AdobeFlash-10.3 skype-4.0.0.7-copyright AdobeFlash-11.x intel-ucode unRAR linux-firmware freedist arj" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=x86-64" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.3/ext-active/ /etc/php/cgi-php7.3/ext-active/ /etc/php/cli-php7.3/ext-active/ /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=x86-64" DISTDIR="/usr/portage/distfiles" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.utf8" LC_ALL="en_US" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_US en_GB cs cz" MAKEOPTS="-j1" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/tmp" USE="X amd64 apache apache2 berkdb blake2 bzip2 cairo cgi cli cracklib crypt cryptlib cxx dbus device-mapper dhcp emboss fontconfig fortran gbm gd gdbm geoip gpm hardened iconv innodb ipv6 java jce jpeg jpg keymap ladspa lapack lcms libnotify libtirpc lz4 lzma lzo mmx mysql mysqli ncurses nfs nls nptl nptlonly openssl pam pcre pdf perl php pie png python readline resolvconf seccomp server session spf split-usr sqlite sse sse2 ssl sslv2 sslv3 ssp suexec svg syslog tcpd threads tiff truetype udev unicode usb vhosts vim-syntax x11 xattr xml xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="alias authz_host authz_user auth_basic auth_digest authn_core authz_core autoindex cgi cgid deflate dir env expires filter headers ident include info imagemap mem_cache mime mime_magic negotiation remoteip setenvif socache_shmcb status userdir vhost_alias rewrite usertrack cache file_cache disk_cache charset_lite log_config log_forensic unixd session session_cookie session_crypto xml2enc" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4a" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php-7.3" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS # emerge -pv openssl gnutls apr-util apache These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] dev-libs/openssl-1.1.1d-r3:0/1.1::gentoo USE="asm sslv3 zlib -bindist -rfc3779 -sctp -static-libs -test -tls-heartbeat -vanilla" CPU_FLAGS_X86="(sse2)" 8,639 KiB [ebuild R ] net-libs/gnutls-3.6.7-r1:0/30::gentoo USE="cxx idn nls openssl seccomp sslv2 sslv3 -dane -doc -examples -guile -pkcs11 -static-libs -test (-test-full) -tls-heartbeat -tools -valgrind" 0 KiB [ebuild R ] dev-libs/apr-util-1.6.1-r3:1::gentoo USE="berkdb gdbm mysql openssl* sqlite -doc -ldap -libressl -nss -odbc -postgres -static-libs" 419 KiB [ebuild R ] www-servers/apache-2.4.41:2::gentoo USE="gdbm (split-usr) ssl suexec suexec-caps threads -debug -doc -ldap -libressl (-selinux) -static -suexec-syslog" APACHE2_MODULES="alias auth_basic auth_digest authn_core authz_core authz_host authz_user autoindex cache cgi cgid charset_lite deflate dir env expires file_cache filter headers ident imagemap include info log_config log_forensic mime mime_magic negotiation remoteip rewrite session* session_cookie* session_crypto* setenvif socache_shmcb status unixd userdir usertrack vhost_alias xml2enc* -access_compat -actions -asis -auth_form -authn_alias -authn_anon -authn_dbd -authn_dbm -authn_file -authn_socache -authz_dbd -authz_dbm -authz_groupfile -authz_owner -brotli -cache_disk -cache_socache -cern_meta -dav -dav_fs -dav_lock -dbd -dumpio -ext_filter -http2 -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -logio -macro -md -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_html -proxy_http -proxy_http2 -proxy_scgi -proxy_wstunnel -ratelimit -reqtimeout -session_dbd -slotmem_shm -speling -substitute -unique_id -version -watchdog" APACHE2_MPMS="-event -prefork -worker" 6,932 KiB #
To be usre I uninstalled gnutls and as you can see, it should not be related to my issue: # emerge --unmerge gnutls * This action can remove important packages! In order to be safer, use * `emerge -pv --depclean <atom>` to check for reverse dependencies before * removing packages. net-libs/gnutls selected: 3.6.7-r1 protected: none omitted: none All selected packages: =net-libs/gnutls-3.6.7-r1 >>> 'Selected' packages are slated for removal. >>> 'Protected' and 'omitted' packages will not be removed. >>> Waiting 5 seconds before starting... >>> (Control-C to abort)... >>> Unmerging in: 5 4 3 2 1 >>> Unmerging (1 of 1) net-libs/gnutls-3.6.7-r1... >>> needed sym /usr/lib64/libgnutls.so.30 >>> needed obj /usr/lib64/libgnutls.so.30.23.2 * GNU info directory index is up-to-date. !!! existing preserved libs: >>> package: net-libs/gnutls-3.6.7-r1 * - /usr/lib64/libgnutls.so.30 * - /usr/lib64/libgnutls.so.30.23.2 * used by /usr/bin/dirmngr (app-crypt/gnupg-2.2.17) * used by /usr/bin/squidclient (net-proxy/squid-4.9) * used by /usr/lib64/lftp/4.8.4/liblftp-network.so (net-ftp/lftp-4.8.4-r1) Use emerge @preserved-rebuild to rebuild packages using these libraries I continue now with 'emerge @preserved-rebuild' and "-uND --changed-deps world" recompiles. But I don't think it would help in this regard.
@maintainer(s), please give us your input on this.
ping
Ping
Is this reproducible on a build straight from upstream?
I can't reproduce this with testssl 3.0.4 and apache 2.4.48-r1 on two servers I have control over with different configurations. There are a lot of configuration options that may affect some of these issues (e.g. LOGJAM could be caused by configuration, not Apache itself). Please re-open this bug if you can still reproduce this, preferably either with a vanilla configuration or a publicly available server.