SECLEVEL=2 & tls1.2-min by default are causing ftbfs / autopkgtest failures

Bug #1858971 reported by Dimitri John Ledkov on 2020-01-09
Affects                 Status  Importance  Assigned to  Milestone
cmake (Ubuntu)                  Undecided   Unassigned
nodejs (Ubuntu)                 Undecided   Unassigned
openssl (Ubuntu)                Undecided   Unassigned
python2.7 (Ubuntu)              Undecided   Unassigned
python3.7 (Ubuntu)              Undecided   Unassigned
python3.8 (Ubuntu)              Undecided   Unassigned
ruby-openssl (Ubuntu)           Undecided   Unassigned
ruby2.5 (Ubuntu)                Undecided   Unassigned

Bug Description

SECLEVEL=2 by default is causing ftbfs / autopkgtest failure

openssl switched to SECLEVEL=2 by default

Causes:

SSL_CTX_use_certificate: ca md too weak in ruby2.5 ruby-openssl

openssl uses tls1.2-min:

test_ssl failing in python2.7
ERROR: test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.

tags: added: update-excuse
description: updated
tags: added: tls1.2-min
summary: - SECLEVEL=2 by default is causing ftbfs / autopkgtest failure
+ SECLEVEL=2 & tls1.2-min by default are causing ftbfs / autopkgtest
+ failures
Dimitri John Ledkov (xnox) wrote :

nodejs small keys

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
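
The `ca md too weak` error in the bug description and the `ee key too small` error in the comment above both come from OpenSSL's security-level checks on the certificate being loaded. The following is an added example, not code from this bug report or from OpenSSL: a simplified Python model of those checks for auditing which test-suite certificates a SECLEVEL=2 default will reject. The digest strengths assume the half-output-size rule (newer OpenSSL rates MD5 and SHA-1 lower), and all fixture names and values are constructed.

```python
# Simplified model of OpenSSL's security-level checks on a certificate passed
# to SSL_CTX_use_certificate. Fixture names and values are constructed.
from dataclasses import dataclass

# Minimum "security bits" demanded by each level (SSL_CTX_set_security_level docs).
LEVEL_BITS = {0: 0, 1: 80, 2: 112, 3: 128, 4: 192, 5: 256}

# Assumption: digest strength is half the output size; newer OpenSSL rates
# MD5 and SHA-1 lower still, so they fail level 2 either way.
DIGEST_BITS = {"md5": 64, "sha1": 80, "sha224": 112, "sha256": 128,
               "sha384": 192, "sha512": 256}

@dataclass
class Cert:
    name: str
    key_alg: str          # "rsa" or "ec"
    key_bits: int
    sig_digest: str
    self_signed: bool = False

def key_security_bits(alg, bits):
    if alg == "ec":
        return bits // 2
    # RSA/DSA/DH modulus sizes mapped to symmetric-equivalent strength.
    for modulus, strength in ((15360, 256), (7680, 192), (3072, 128),
                              (2048, 112), (1024, 80)):
        if bits >= modulus:
            return strength
    return 0

def check_cert(cert, level=2):
    """Return the OpenSSL reason string expected at this level, or None if accepted."""
    need = LEVEL_BITS[level]
    if key_security_bits(cert.key_alg, cert.key_bits) < need:
        return "ee key too small"
    # The signature digest of a self-signed certificate is not checked.
    if not cert.self_signed and DIGEST_BITS[cert.sig_digest] < need:
        return "ca md too weak"
    return None

FIXTURES = [  # constructed test-suite certificates
    Cert("legacy-rsa1024", "rsa", 1024, "sha256"),
    Cert("sha1-signed-leaf", "rsa", 2048, "sha1"),
    Cert("self-signed-sha1-root", "rsa", 2048, "sha1", self_signed=True),
    Cert("p256-leaf", "ec", 256, "sha256"),
]

def audit(level=2):
    return {c.name: check_cert(c, level) for c in FIXTURES}
```

Fixtures flagged by `audit()` need regenerating with at least a 2048-bit RSA (or 224-bit EC) key and a SHA-2 signature; lowering the security level for the test run only hides the weak material.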

Dimitri John Ledkov (xnox) wrote :

mysql-8.0 confused about it

CURRENT_TEST: main.events_bugs
mysqltest: At line 1036: Query 'CREATE EVENT e1 ON SCHEDULE AT '2020-01-01 00:00:00' DO SET @a = 1' succeeded, should have failed with error '1290'

no longer affects: openssh (Ubuntu)
Changed in ruby-openssl (Ubuntu):
status: New → Fix Committed
Changed in nodejs (Ubuntu):
status: New → Fix Committed
Changed in ruby2.5 (Ubuntu):
status: New → Fix Committed
Changed in python3.8 (Ubuntu):
status: New → Fix Committed
Changed in python3.7 (Ubuntu):
status: New → Fix Committed
Changed in python2.7 (Ubuntu):
status: New → Fix Committed
Changed in cmake (Ubuntu):
status: New → Fix Committed
Changed in openssl (Ubuntu):
status: New → Fix Released
Changed in cmake (Ubuntu):
status: Fix Committed → Fix Released
Changed in nodejs (Ubuntu):
status: Fix Committed → Fix Released
Changed in python2.7 (Ubuntu):
status: Fix Committed → Fix Released