[14:14] <locsmif> Hi all. Does Ubuntu Hirsute ignore TLS minimum version settings in /etc/ssl/openssl.cnf because of the compile flag -DOPENSSL_TLS_SECURITY_LEVEL=2? This compile flag appears to have been added specifically in Ubuntu. However, the suggestion appears to be that it can be overridden in /etc/ssl/openssl.cnf
[14:15] <locsmif> I've tested that according to e.g. https://itectec.com/ubuntu/ubuntu-enable-tls-1-0-and-tls-1-1-on-ubuntu-20-04/  (although for 21.04, not 20.04) and it appears not to be the case. Running OpenSSL 1.1.1j here on 21.04
[14:15] <locsmif> I can't connect to a site I know supports TLS1.1 (through Qualys testing online) with e.g. s_client
[14:16] <locsmif> using e.g. -tls1_1
[14:17] <locsmif> The error is: 140544973608320:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
[14:18] <locsmif> I am willing to build openssl myself, but I'd like to exhaust all other options (e.g. configuration tweaks instead of building myself) before going there
[14:19] <locsmif> ..because the changelog does suggest configurability: https://launchpad.net/ubuntu/+source/openssl/+changelog
[14:38] <hank> CVE-2020-15703 has an invalid date in the OVAL feeds
[14:38] <hank> aka USN-4537-1
[14:39] <hank> `<public_date_at_usn>unknown</public_date_at_usn>`
[15:12] <sbeattie> hank: thanks, fixed.
[15:13] <hank> ty
[22:19] <sarnold> fungi: https://ubuntu.com/security/notices/USN-5121-2
[22:19] <fungi> thanks again sarnold!
[22:20] <sarnold> fungi: yw :)
[22:20] <fungi> i see the cve tracker's not updated yet for it though
[22:20] <fungi> i suppose that just lags behind a bit?
[22:21] <sarnold> it does, but maybe it was overlooked..