[ntp:security] SSL problems with support.ntp.org

Kurt Seifried kseifried at redhat.com
Wed Oct 29 16:26:43 UTC 2014


2662	nor	P5	All	kostecke at ntp.org	CONF	---	support.ntp.org SSL/TLS problems
2663	nor	P5	All	kostecke at ntp.org	CONF	---	bugs.ntp.org SSL/TLS issues
2664	nor	P5	All	kostecke at ntp.org	CONF	---	www.ntp.org/ntp.org SSL/TLS problems


On 29/10/14 04:28 AM, Harlan Stenn wrote:
> Kurt Seifried writes:
>> ok filed bugs against bugs/support (SSL/TLS issues) and www/ntp.org
>> (which has no SSL/TLS enabled, just standard HTTP on port 443???).
> 
> Thanks - I see your logins on the support.ntp.org site (which may not be
> needed, but who can say) and on bugs.ntp.org.
> 
> I'm not seeing any filed bugs though.
> 
> I'll create something as soon as I can tomorrow.  I need to fall asleep
> right now (it's 03:30 here and I have to be awake in 6.5 hours' time).
> 
> Thanks!
> 
> H
> --
>> On 29/10/14 01:49 AM, Harlan Stenn wrote:
>>> Kurt,
>>>
>>> Would you please register at bugs.ntp.org and then let me know?
>>>
>>> I'll create a security bug for this and list you as the reporter.
>>>
>>> Thanks...
>>>
>>> H
>>>
>>> Kurt Seifried writes:
>>>> https://www.ssllabs.com/ssltest/analyze.html?d=support.ntp.org
>>>>
>>>> SSL2, untrusted cert, missing chain, support for 40 bit ciphers/etc.
>>>> Basically there's no point to using SSL if you do it with this config =(.
>>>>
>>>> Can you please fix this? thanks.
>>>>
>>>> -- 
>>>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>>>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>>
>> -- 
>> Kurt Seifried -- Red Hat -- Product Security -- Cloud
>> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
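
An added example, not part of the original thread or of any ntp.org tooling: a classifier for the first bytes a port-443 listener returns, separating the two conditions reported above (plain HTTP answering on 443, and an SSLv2 server offering 40-bit export ciphers) from a normal TLS reply. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# SSLv2 cipher kinds with 40-bit export keys (values from the SSLv2 spec).
SSLV2_EXPORT40 = {
    0x020080: "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    0x040080: "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
}
TLS_VERSIONS = {0: "SSLv3", 1: "TLSv1.0", 2: "TLSv1.1", 3: "TLSv1.2"}


def classify_reply(data: bytes) -> dict:
    """Classify the first bytes a port-443 listener returned to a hello."""
    if data[:5] == b"HTTP/" or data.lstrip()[:1] == b"<":
        # HTTP status line or HTML error page: no TLS on this port at all.
        return {"kind": "plaintext-http"}
    if len(data) >= 5 and data[0] in (0x15, 0x16) and data[1] == 3:
        # SSLv3/TLS record header: content type, version major/minor, length.
        kind = "tls-handshake" if data[0] == 0x16 else "tls-alert"
        return {"kind": kind, "version": TLS_VERSIONS.get(data[2], "unknown")}
    if len(data) >= 13 and data[0] & 0x80 and data[2] == 0x04:
        # SSLv2 SERVER-HELLO: 2-byte header, msg type 4, then fixed fields.
        _hit, _ctype, version, cert_len, spec_len, _cid_len = struct.unpack(
            ">BBHHHH", data[3:13])
        specs = data[13 + cert_len:13 + cert_len + spec_len]
        kinds = [int.from_bytes(specs[i:i + 3], "big")
                 for i in range(0, len(specs) - 2, 3)]
        weak = [SSLV2_EXPORT40[k] for k in kinds if k in SSLV2_EXPORT40]
        return {"kind": "sslv2-server-hello", "version": version,
                "export40": weak}
    return {"kind": "unknown"}


def build_sslv2_hello(cert: bytes, specs: bytes, conn_id: bytes) -> bytes:
    """Build a constructed SSLv2 SERVER-HELLO for the samples below."""
    body = struct.pack(">BBBHHHH", 4, 0, 1, 2,
                       len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body


# Constructed sample replies (not captured from any real host).
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("160303004a0200004603")
SAMPLE_SSLV2 = build_sslv2_hello(
    b"\x00" * 4, bytes.fromhex("010080020080040080"), b"\x11" * 16)

if __name__ == "__main__":
    for name in ("SAMPLE_HTTP", "SAMPLE_TLS", "SAMPLE_SSLV2"):
        print(name, classify_reply(globals()[name]))
```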
