[Bug 1891805] [NEW] Uses lower than default TLS settings

Dimitri John Ledkov 1891805 at bugs.launchpad.net
Sun Aug 16 13:43:38 UTC 2020


Public bug reported:

Currently freetds is built against gnutls library, but has support for
both gnutls & openssl.

It tries to set priority strings, and sets them to lower values than are
default in Ubuntu and/or supported by SQL Server.

Please stop directly setting gnutls priority string, or use the same one
as is used in gnutls in Ubuntu:
NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_MEDIUM

Alternatively, please build using openssl library, as that would ensure
that security level 2 is enforced without any code changes of freetds.
(Built-in default is DEFAULT@SECLEVEL=2)

All recent/updated versions of SQL Server support TLSv1.2
https://support.microsoft.com/en-gb/help/3135244/tls-1-2-support-for-microsoft-sql-server

** Affects: freetds (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1891805
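
A way to lint a hard-coded GnuTLS priority string for protocol versions below TLS 1.2, added here as an example (not code from the bug report, FreeTDS or GnuTLS). The function name `audit_priority` and the second sample string are constructed for illustration; only the `VERS-*` and `%PROFILE_*` directives are modelled, and `+VERS-ALL` is assumed to mean every version name listed in the script.

```python
# Added example: audit the protocol-version directives of a GnuTLS priority string.
# Assumption: only VERS-* and %PROFILE_* tokens are modelled; everything else is skipped.
TLS_ALL = {"TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"}
DTLS_ALL = {"DTLS1.0", "DTLS1.2"}
GROUPS = {"ALL": TLS_ALL | DTLS_ALL | {"SSL3.0"},
          "TLS-ALL": TLS_ALL, "DTLS-ALL": DTLS_ALL}
WEAK = {"SSL3.0", "TLS1.0", "TLS1.1", "DTLS1.0"}  # anything below (D)TLS 1.2

# Priority string quoted in the bug report as the Ubuntu GnuTLS default.
UBUNTU = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_MEDIUM"
# Constructed sample of an application override; not taken from FreeTDS.
SAMPLE_OVERRIDE = "NORMAL:%COMPAT:-VERS-ALL:+VERS-TLS-ALL"


def audit_priority(priority):
    """Return (enabled, weak, inherits_defaults, profile).

    inherits_defaults is True when the string never clears the version list
    with -VERS-ALL, so the effective set depends on the library's defaults
    and 'enabled' is only the explicitly added part.
    """
    enabled, reset, profile = set(), False, None
    for token in priority.split(":"):   # directives apply left to right
        token = token.strip()
        if token.startswith("%PROFILE_"):
            profile = token[len("%PROFILE_"):]
            continue
        op, name = token[:1], token[1:]
        if op not in ("+", "-", "!") or not name.startswith("VERS-"):
            continue                     # base keyword or non-version directive
        versions = GROUPS.get(name[5:], {name[5:]})
        if op == "+":
            enabled |= versions
        else:                            # "-" and "!" both remove
            enabled -= versions
            reset = reset or name == "VERS-ALL"
    return enabled, enabled & WEAK, not reset, profile


if __name__ == "__main__":
    for label, prio in (("ubuntu", UBUNTU), ("override", SAMPLE_OVERRIDE)):
        enabled, weak, inherits, profile = audit_priority(prio)
        print(label, sorted(enabled), "weak:", sorted(weak),
              "inherits-defaults:", inherits, "profile:", profile)
```

A string that never resets the version list is reported as inheriting library defaults, so it needs checking against the installed GnuTLS rather than against this script.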
