Multiple packages broke with openssl 1.1.1 upgrade

Bug #1865204 reported by Dr. Uwe Meyer-Gruhl
Affects: openssl (Ubuntu) | Status: Won't Fix | Importance: Undecided | Assigned to: Unassigned

Bug Description

While I welcome the addition of security features by upgrading vital packages like openssl, there are at least two packages that I know of which ran fine with libssl 1.1.0 and do not with libssl 1.1.1. This bug was introduced with the migration from openssl 1.1.0 to 1.1.1 in one of the last point releases.

1. stunnel4 3:5.44-1ubuntu3

stunnel4 breaks with openssl 1.1.1 (which supports TLS 1.3).

I get errors when a Windows stunnel client connects to the stunnel4 daemon:

Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128: Connection refused (111)

This can be fixed when I manually add "MaxProtocol = TLSv1.2" to /etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl 1.1.1 is the culprit.

stunnel4 needs an update. At least for stunnel4, another fix would be to specify "sslVersion = TLSv1.2" in its config file.

2. pure-ftpd 1.0.46-1build1

Same thing here. You cannot connect once you use "tls=2" or higher if openssl 1.1.1 with TLS 1.3 is active. Only fix here I found is to limit the max protocol in openssl for all applications. pure-ftpd itself has no means of controlling the TLS version, at least not in the bionic version of it.

I use Ubuntu Server 18.04.04 LTS, BTW and openssl was 1.1.1-1ubuntu2.1~18.04.5.

Both problems could be fixed by backporting stunnel4 and pure-ftpd packages from Focal Fossa.
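The report's workaround caps the protocol version for every OpenSSL consumer on the host. The script below is an added example, not part of the bug report or of either package: it writes a separate OpenSSL 1.1.1 configuration with the same MaxProtocol = TLSv1.2 setting, so that the cap can be applied to one daemon through the OPENSSL_CONF environment variable while the rest of the system keeps TLS 1.3, and it shows how to check which TLS versions an endpoint accepts with openssl s_client. The section names in the generated file, the output path and the host:port placeholder are this example's own choices; MinProtocol, MaxProtocol, -tls1_2 and -tls1_3 are real OpenSSL 1.1.1 settings and flags.

```shell
#!/bin/sh
# Added example: a per-service TLS 1.2 cap for OpenSSL 1.1.1 consumers
# (stunnel4, pure-ftpd) instead of editing the system-wide openssl config.

# Write a minimal OpenSSL 1.1.1 config whose system_default section pins
# the protocol range to TLS 1.2. Section names are this example's choice;
# the "openssl_conf" key and the ssl_conf/system_default module names are
# the ones OpenSSL 1.1.1 itself looks for.
write_tls12_conf() {
    out="$1"
    cat > "$out" <<'EOF'
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.2
EOF
}

# Print the MaxProtocol value a config file will impose (empty if none),
# so an operator can verify the file before pointing a daemon at it.
effective_max_protocol() {
    sed -n 's/^[[:space:]]*MaxProtocol[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Probe one TLS version against a server. Exit status 0 means the handshake
# succeeded. $1 is host:port (placeholder), $2 is -tls1_2 or -tls1_3.
# This needs network access and is not exercised offline.
probe_tls_version() {
    target="$1"; flag="$2"
    openssl s_client -connect "$target" "$flag" </dev/null >/dev/null 2>&1
}

# Stand-alone usage: generate the config and report what it enforces.
conf=/tmp/tls12-only.cnf   # placeholder path, not from the bug report
write_tls12_conf "$conf"
echo "MaxProtocol in $conf: $(effective_max_protocol "$conf")"
# Example invocation (placeholder target):
#   OPENSSL_CONF=$conf stunnel4 /etc/stunnel/stunnel.conf
#   probe_tls_version example.invalid:443 -tls1_3 && echo "TLS 1.3 accepted"
```

The daemon only honours the cap if OPENSSL_CONF is present in its own environment (for a service started by init or systemd, that means the unit or init script, not an interactive shell). Probing with both -tls1_2 and -tls1_3 before and after the change shows whether the service now refuses TLS 1.3 as intended rather than merely failing differently.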

description: updated
Adrien Nader (adrien) wrote :

I'm sorry this bug flew under the radar. These seem to have been bugs in stunnel4 and pure-ftpd rather than openssl, but I understand why you've filed a bug for openssl too.

I can't tell if it would have made sense to initially disable TLS 1.3 by default when pushing openssl 1.1.1 but I think it caused some issues and this can be something to keep in mind for the future.

As for this specific bug, I think it will be WONTFIX anyway since bionic is almost end-of-life now.

Adrien Nader (adrien)
Changed in openssl (Ubuntu):
status: New → Won't Fix