[ANN] glu 5.5.4 released


frenchyan
Administrator
Hi guys

I have just released glu 5.5.4. Here are the release notes:

5.5.4 (2015/01/20)

Download

Download the latest version of glu

Download glu latest release from Bintray.

This release disables the sslv3 protocol entirely in the agent to fix the issue related to POODLE. Note that there is no other change in this release, so if you do not worry about the POODLE issue because for example your agents are not accessible outside your own network, or you are not even running the agents in secure mode (http vs https), then you can skip this release.

  • Implemented glu-277 Disable sslv3 for glu agent
Yan

Re: [ANN] glu 5.5.4 released

frenchyan
Administrator
Here is the test I ran for making sure the fix is working:

with 5.5.3:
> openssl s_client -connect localhost:12906 -ssl3
CONNECTED(00000003)
depth=0 C = US, ST = CA, L = Mountain View, O = LinkedIn, OU = Dev, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = CA, L = Mountain View, O = LinkedIn, OU = Dev, CN = localhost
verify return:1
140735140467552:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1275:SSL alert number 10
140735140467552:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
Certificate chain
 0 s:/C=US/ST=CA/L=Mountain View/O=LinkedIn/OU=Dev/CN=localhost
   i:/C=US/ST=CA/L=Mountain View/O=LinkedIn/OU=Dev/CN=localhost
---
Server certificate
subject=/C=US/ST=CA/L=Mountain View/O=LinkedIn/OU=Dev/CN=localhost
issuer=/C=US/ST=CA/L=Mountain View/O=LinkedIn/OU=Dev/CN=localhost
---
Acceptable client certificate CA names
/C=US/ST=CA/L=Mountain View/O=LinkedIn/OU=Dev/CN=Console
---
SSL handshake has read 1399 bytes and written 157 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES128-SHA
    Session-ID: 54BE9737F30DF832C3E09101AA6E693CF4688549D4C7FC1B3B82CE6E157458D6
    Session-ID-ctx:
    Master-Key: 2235C3E9BA5F00B537BF8B2292834FF786A034D6ADF8AE5418DE4F62CA4085AC0239D1B7E1F8ABF769C7414FE4087B1E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1421776695
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---

> curl -v3 -X HEAD https://localhost:12906/ --insecure
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to localhost (::1) port 12906 (#0)
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS alert, Client hello (1):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
* Closing connection 0
curl: (35) error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message

with 5.5.4:
> openssl s_client -connect localhost:12906 -ssl3
CONNECTED(00000003)
140735140467552:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:338:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1421778534
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

> curl -v3 -X HEAD https://localhost:12906/ --insecure
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to localhost (::1) port 12906 (#0)
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
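
An added example, not part of the original posts or of the glu project: both transcripts above end in an error, so the exit status of `openssl s_client` or `curl` cannot tell the two agents apart, while the `Cipher is` line can. The function names and the trimmed sample variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not glu project code). Both transcripts in the post end in
# an error, so exit status is no signal; the "Cipher is" line is.

# sslv3_verdict: read `openssl s_client -ssl3` output on stdin and print
#   accepted  server answered the SSLv3 ClientHello and chose a cipher
#   rejected  handshake stopped before any cipher was negotiated
#   unknown   no "Cipher is" line (for instance a client built without SSLv3)
sslv3_verdict() {
    cipher=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"Cipher is "*) cipher="${line##*Cipher is }" ;;
        esac
    done
    case "$cipher" in
        "")        echo unknown ;;
        "(NONE)"*) echo rejected ;;
        *)         echo accepted ;;
    esac
}

# check_agent HOST:PORT: run the same probe as the post against a live agent.
# Hypothetical helper; needs an openssl build that still has -ssl3.
check_agent() {
    openssl s_client -connect "$1" -ssl3 </dev/null 2>&1 | sslv3_verdict
}

# Constructed samples: lines trimmed from the two transcripts in the post.
SAMPLE_553='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES128-SHA'
SAMPLE_554='CONNECTED(00000003)
no peer certificate available
New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000'

printf '5.5.3 sample: %s\n' "$(printf '%s\n' "$SAMPLE_553" | sslv3_verdict)"
printf '5.5.4 sample: %s\n' "$(printf '%s\n' "$SAMPLE_554" | sslv3_verdict)"
```

An `unknown` verdict means the probe itself did not run as intended and should not be read as a pass.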
