Jammy tinc incompatible with older (e.g. Xenial) tinc nodes
Bug #1972939 reported by Nathan Stratton Treadway
This bug report is a duplicate of:
Bug #1990216: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy.
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Release Notes for Ubuntu | New | Undecided | Unassigned | |
openssl (Ubuntu) | Fix Released | Undecided | Unassigned | |
Jammy | Confirmed | Undecided | Unassigned | |
tinc (Ubuntu) | Invalid | High | Unassigned | |
Jammy | Invalid | Undecided | Unassigned | |
Bug Description
The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1).
(Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.)
The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5):
Error during initialisation of cipher from tinc_xenial [...] error:0308010C:
Changed in tinc (Ubuntu):
status: New → Confirmed
status: Confirmed → Invalid
Changed in openssl (Ubuntu):
status: New → Confirmed
Changed in openssl (Ubuntu Jammy):
status: New → Confirmed
Changed in tinc (Ubuntu Jammy):
status: New → Invalid
Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
Since the tinc version numbers in Focal/Impish and Jammy are the same, it might be worth adding a warning to the release notes so people don't unexpectedly lose VPN access by upgrading to Jammy. (Or explaining a workaround there, if one can be determined.)