A bug in Chrome caused our security middleware to incorrectly forbid file uploads, causing an empty response. This could cause initial installation, upgrades, or unlocking with a license file to fail for all instances using the 11.10.320 OVA. The bug is fixed in the 11.10.320.1 OVA included with this release.
Google researchers have found a critical vulnerability in the SSLv3 protocol. This protocol is very old and has been replaced with TLS 1.0, 1.1 and 1.2. Due to the vulnerability we have disabled SSLv3 support by default in 11.10.348.
We strongly recommend against re-enabling SSLv3. If legacy software still requires it after upgrading to 11.10.348, the following steps will re-enable it:
ghe-unlock
WARNING: This command opens root access to the admin user via sudo. It is provided as a troubleshooting facility and should be used only under the guidance of GitHub Enterprise support. While unlocked, any user with admin SSH access will have full root access to the VM. Please use with caution and run the ghe-lock command when finished to prevent accidental modification of system files.
Do you understand? [Y/n] Y
Okay. Full sudo access via the admin user is now enabled.
In /etc/nginx/sites-enabled/github.conf, replace the line
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
with
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
and reload nginx:
sudo sed 's/ssl_protocols TLSv1 TLSv1.1 TLSv1.2/ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2/' -i /etc/nginx/sites-enabled/github.conf
sudo service nginx reload
You can verify that the change was successful by running the following command from outside the instance:
openssl s_client -connect my-enterprise-instance:443 -ssl3
This should show a message similar to the following:
CONNECTED(00000003)
..
Server certificate
-----BEGIN CERTIFICATE-----
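Once the legacy software no longer needs SSLv3, the same ssl_protocols line can be audited and reverted. The script below is an added example, not GitHub Enterprise tooling: the function names and the sample config are constructed, and it assumes each ssl_protocols directive sits on one line, as in the sed command above.

```shell
# Added example: find and remove SSLv3 in nginx ssl_protocols directives.
# Assumption: one directive per line; "#" only ever starts a comment.

# Print "LINENO:line" for every active ssl_protocols directive in file $1
# that lists SSLv3. Comments are ignored; the name is compared
# case-insensitively so unusual spellings are still flagged.
sslv3_directives() {
    awk '{
        line = $0; sub(/#.*/, "", line)
        if (line !~ /^[ \t]*ssl_protocols[ \t]/) next
        n = split(line, tok, /[ \t;]+/)
        for (i = 1; i <= n; i++)
            if (tolower(tok[i]) == "sslv3") { print NR ":" $0; break }
    }' "$1"
}

# Exit status 0 when no active directive enables SSLv3, 1 otherwise.
sslv3_disabled() { [ -z "$(sslv3_directives "$1")" ]; }

# Write to stdout a copy of file $1 with the SSLv3 token removed from
# active ssl_protocols directives; comments are left untouched.
without_sslv3() {
    awk '{
        code = $0; rest = ""; p = index($0, "#")
        if (p > 0) { code = substr($0, 1, p - 1); rest = substr($0, p) }
        if (code ~ /^[ \t]*ssl_protocols[ \t]/) gsub(/[ \t]+SSLv3/, "", code)
        print code rest
    }' "$1"
}

# Constructed sample config, written to the path given in $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols SSLv3 TLSv1;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # SSLv3 dropped
}
EOF
}

sample=$(mktemp); write_sample_conf "$sample"
sslv3_directives "$sample"                 # lists the one offending directive
without_sslv3 "$sample" > "$sample.fixed"
sslv3_disabled "$sample.fixed" && echo "SSLv3 is disabled in the fixed copy"
rm -f "$sample" "$sample.fixed"
```

Review the output of without_sslv3 before installing it: a directive that listed only SSLv3 is left without any protocol and needs one added before nginx is reloaded.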