[ntp:security] SSL problems with support.ntp.org

Kurt Seifried kseifried at redhat.com
Wed Oct 29 08:15:42 UTC 2014


ok filed bugs against bugs/support (SSL/TLS issues) and www/ntp.org
(which has no SSL/TLS enabled, just standard HTTP on port 443???).

On 29/10/14 01:49 AM, Harlan Stenn wrote:
> Kurt,
> 
> Would you please register at bugs.ntp.org and then let me know?
> 
> I'll create a security bug for this and list you as the reporter.
> 
> Thanks...
> 
> H
> 
> Kurt Seifried writes:
>> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
>> --===============7878640036101382342==
>> Content-Type: multipart/signed; micalg=pgp-sha1;
>>  protocol="application/pgp-signature";
>>  boundary="JcVhTu9jRPVGasmrg204k5TGB0ltpkXXa"
>>
>> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
>> --JcVhTu9jRPVGasmrg204k5TGB0ltpkXXa
>> Content-Type: text/plain; charset=utf-8
>> Content-Transfer-Encoding: quoted-printable
>>
>> https://www.ssllabs.com/ssltest/analyze.html?d=3Dsupport.ntp.org
>>
>> SSL2, untrusted cert, missing chain, support for 40 bit ciphers/etc.
>> Basically there's no point to using SSL if you do it with this config =3D=
>> (.
>>
>> Can you please fix this? thanks.
>>
>> --=20
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>>
>>
>> --JcVhTu9jRPVGasmrg204k5TGB0ltpkXXa
>> Content-Type: application/pgp-signature; name="signature.asc"
>> Content-Description: OpenPGP digital signature
>> Content-Disposition: attachment; filename="signature.asc"
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iQIcBAEBAgAGBQJULOY5AAoJEBYNRVNeJnmTkzwP/27JTdxQgGgwrvVgi7h16D/w
>> bPNfi7JV6qG6VsIl/I2NOSYPGU8/4pb0qDY2zZmZ7AJ1F9a+uZ7cOGvLYtLLNG/i
>> X2zjbVCzhS/I8jHXkm0Ckdtid+BPyfCPsPC0CVOm0WbqHmT9eDejU6sBDlNA94Uj
>> ziRb3XwmRr0ywyqAKu7YUXdOyyho2gVcMU/uzYPGh+gD7aZiAuRAFq8i5GtRkIF7
>> +J6T2zv3ssGv5FQV022UjlrU9BjdeiPFMRWjCwKKlGF134+BlUghaU1bZSBkMhu4
>> Bq4Z/3vkefrx3jFZDbhOONhWFos0UI5tYBhU1CTBqYnLVaM7CCUhRr/QgSU4S0qC
>> zePjDTa7QN0LLbcTT4LyTC/vgNmxc4ZuUY6swsWNRHBfegjhfzMZzy9AoPhFu2U7
>> mXyCFs/zMhRBDmof++1m/FVUFMJD1/2yh2cF311F9NKEyo0oR7/zB4ae2qSQ5QVG
>> 0xrGLkAKZBMHPP3MNi5/YGcFfAG+Ou1t/UHVuHMlZv20r72Vu9MqyRrY3UPT+gjK
>> Sp9tTey2Cm6pVhkv9RQiuHeowoJJfCu1yBM5f5BPf7nC1pfvnBvuDIRK3DTguSRE
>> W93w64I1lo/S2a/Lgj7pxxW40CsMcS6veP0RaYxOLWPgbPBrPWXG8AKuwDuBYM9r
>> VlPRoaeoWOhLN9W5uh5L
>> =Tiur
>> -----END PGP SIGNATURE-----
>>
>> --JcVhTu9jRPVGasmrg204k5TGB0ltpkXXa--
>>
>> --===============7878640036101382342==
>> Content-Type: text/plain; charset="us-ascii"
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: 7bit
>> Content-Disposition: inline
>>
>> _______________________________________________
>> security mailing list
>> security at lists.ntp.org
>> http://lists.ntp.org/listinfo/security
>> --===============7878640036101382342==--
>>

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ntp.org/private/security/attachments/20141029/19cee2b0/attachment.sig>


More information about the security mailing list