Comment 0 for bug 1505328

Revision history for this message
Bryan Quigley (bryanquigley) wrote : Cups SSL is vulernable to POODLE

On 12.04 and 14.04 if you enable cups ssl you are vulnerable to poodle, and there does not appear to be any way to mitigate it in Cups config.

Ubuntu 14.04 - https://www.ssllabs.com/ssltest/analyze.html?d=190.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
Ubuntu 12.04 - https://www.ssllabs.com/ssltest/analyze.html?d=191.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on

Fixed in wily - https://www.ssllabs.com/ssltest/analyze.html?d=192.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
Upstream fix - https://www.cups.org/str.php?L4476

Should we disable ssvl3 in the 12.04/14.04 cups by default and backport the option to turn it back on?