Closed: haarg closed this issue 1 year ago
Since 2.082 the default is now TLS1.2+ - see 4f6ea831
Just FYI this change prevents installation on Ubuntu 16.04 LTS:
root@811bcdb2dd8c:~# cpanm IO::Socket::SSL
--> Working on IO::Socket::SSL
Fetching http://www.cpan.org/authors/id/S/SU/SULLR/IO-Socket-SSL-2.082.tar.gz ... OK
Configuring IO-Socket-SSL-2.082 ... OK
Building and testing IO-Socket-SSL-2.082 ... FAIL
! Installing IO::Socket::SSL failed. See /root/.cpanm/work/1684396466.4663/build.log for details. Retry with --force to force install it.
root@811bcdb2dd8c:~#
t/plain_upgrade_downgrade.t ....... ok
t/protocol_version.t .............. Bailout called. Further testing stopped: cannot listen on localhost: No such file or directory
FAILED--Further testing stopped: cannot listen on localhost: No such file or directory
Makefile:859: recipe for target 'test_dynamic' failed
make: *** [test_dynamic] Error 255
root@811bcdb2dd8c:~/.cpanm/work/1684396466.4663/IO-Socket-SSL-2.082# make test_dynamic
Installing without tests seems to work:
root@811bcdb2dd8c:~# cpanm -n IO::Socket::SSL
--> Working on IO::Socket::SSL
Fetching http://www.cpan.org/authors/id/S/SU/SULLR/IO-Socket-SSL-2.082.tar.gz ... OK
Configuring IO-Socket-SSL-2.082 ... OK
Building IO-Socket-SSL-2.082 ... OK
Successfully installed IO-Socket-SSL-2.082
1 distribution installed
root@811bcdb2dd8c:~#
Ubuntu 16.04 LTS is still supported under Expanded Security Maintenance (ESM)
t/protocol_version.t .............. Bailout called.
This was a regression affecting only older OpenSSL versions (and LibreSSL) with no support for SECLEVEL. Fixed in 2.083.
Thanks, very appreciated:
root@8e4bd7e6a8e7:/# lsb_release -a
LSB Version: core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
Distributor ID: Ubuntu
Description: Ubuntu 16.04.7 LTS
Release: 16.04
Codename: xenial
root@8e4bd7e6a8e7:/# cpan SULLR/IO-Socket-SSL-2.083.tar.gz
...
root@8e4bd7e6a8e7:/# cpanm IO::Socket::SSL
IO::Socket::SSL is up to date. (2.083)
For some reason, installing with cpanm IO::Socket::SSL is still fetching v2.082, but maybe it's just a matter of time:
root@ed56d9673176:/# cpanm IO::Socket::SSL
--> Working on IO::Socket::SSL
Fetching http://www.cpan.org/authors/id/S/SU/SULLR/IO-Socket-SSL-2.082.tar.gz ... OK
Configuring IO-Socket-SSL-2.082 ... OK
Building and testing IO-Socket-SSL-2.082 ... ^C
EDIT: nvm, it works now as cpanm IO::Socket::SSL
TLS versions below 1.2 are now considered insecure and should be blocked by default.
Currently, only SSL2 and SSL3 are blocked.