Ubuntu
lighttpd package

  1. Bug #1800605
  2. Comment #2

Comment 2 for bug 1800605

Revision history for this message
René Vögeli (rvoegeli) wrote :

Still an issue in bionic after update today (2019-06-13).

Setting

ssl.disable-client-renegotiation = "disable"

in lighttpd.conf helps, but is not really a solution, because of CVE-2009-3555.

lighttpd 1.4.45-1ubuntu3
libssl1.1 1.1.1-1ubuntu2.1~18.04.1