It was discovered that OpenSSL incorrectly handled the
SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications. Updated packages are available from security.ubuntu.com.
========================================================================== Ubuntu Security Notice USN-1516-1 July 25, 2012 openssl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: OpenSSL incorrectly disabled TLS 1.1 and TLS 1.2 in certain applications. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.3 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1516-1 https://launchpad.net/bugs/1018998 Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.3