6

This is a follow-up to Override Distro Package with Custom Package?.

Does anyone know if Ubuntu 14.04's OpenSSL enables all TLS protocols (TLS1.0, TLS1.1 and TLS1.2)? Or does it have protocols disabled (TLS1.1 and TLS1.2) like past versions?

Related: how does one even check for this sort of thing?

Edit: This is not a bug report question; nor is it a developer question. You guys are taking the "Close as Bug Report" much too far.

4 Answers

8
$ cat /etc/issue
Ubuntu 14.04 LTS \n \l

$ apt-cache policy openssl
openssl:
  Installed: 1.0.1f-1ubuntu2
  Candidate: 1.0.1f-1ubuntu2
  Version table:
 *** 1.0.1f-1ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

$ openssl ciphers -v 'TLSv1.2' | head -4
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
5

I would like to summarize the answer by @andrewsomething...

Short answer: TLSv1.2.

Specifically on your system use the command:

$ openssl ciphers -v TLSv1

You can replace v1 with v1.[012] as needed to see details. Note you will want to use TLSv1 and TLSv1.2 (1.0 and 1.1 are disabled by default).

uDude
  • 191
4
openssl ciphers -v | awk '{print $2}' | sort | uniq

Should print what is enabled.

Sam
  • 141
0

According to the changelog, TLS 1.1 was last disabled by a bug fixed in version 1.0.1b (26 Apr 2012). Since then, TLS support was never disabled by default. However, they can be disabled.

To find out whether a server has any of the SSL protocols disabled, you can use:

nmap --script +ssl-enum-ciphers example.com

This will give you a return like this one:

Starting Nmap 6.47 ( http://nmap.org ) at 2015-11-06 12:00 UTC
...
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
...
|   TLSv1.0: 
|     ciphers: 
...
|   TLSv1.1: 
|     ciphers: 
...
|   TLSv1.2: 
|     ciphers: 
...
|_  least strength: strong

Nmap done: 1 IP address (1 host up) scanned in 22.15 seconds

When a protocol is not supported it is, usually, not present in the list.
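
The following is an added example, not part of any answer above: a shell helper that reads ssl-enum-ciphers output in the layout shown in the last answer and reports which protocol sections list at least one cipher, plus which protocols from a list you pass are absent. The function names are hypothetical and the scan output is constructed sample data, not a real scan.

```shell
#!/bin/sh
# Added example: summarise nmap ssl-enum-ciphers output per protocol.

# Constructed sample output (not from a real scan), same layout as above.
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|       NULL
|_  least strength: strong
EOF
}

# Read scan output on stdin; print "PROTOCOL CIPHER_COUNT" for each protocol
# section that lists at least one cipher. A section header with no cipher
# lines under it is treated as "not offered".
offered_protocols() {
    awk '
        $2 ~ /^(SSLv|TLSv)[0-9.]+:$/ { proto = substr($2, 1, length($2) - 1); in_c = 0; next }
        $2 == "ciphers:"             { in_c = 1; next }
        in_c && $2 ~ /^(TLS|SSL)_/   { n[proto]++; next }
                                     { in_c = 0 }   # any other line ends the cipher list
        END { for (p in n) print p, n[p] }
    ' | LC_ALL=C sort
}

# Read scan output on stdin; print each protocol named in the arguments
# that the scan did not show as offered.
absent_protocols() {
    offered=$(offered_protocols | cut -d' ' -f1)
    for p in "$@"; do
        printf '%s\n' "$offered" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

sample_scan | offered_protocols
```

To use it on a real result, pipe the saved nmap output into `offered_protocols` or `absent_protocols SSLv3 TLSv1.0 TLSv1.1 TLSv1.2` instead of `sample_scan`.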