issue with TLS 1.2 session ticket handling as client during resumption

Bug #1873565 reported by Daniel Llewellyn on 2020-04-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
gnutls28 (Ubuntu)

Bug Description

Known upstream bug, that has been fixed upstream. There is an issue with session ticket handling in GnuTLS during session resumption.

The issue is intermittent, but can eventually be reproduced by running:

gnutls-cli --resume 443

When you trigger the bug the output will finish with the following two lines:

*** Fatal error: An unexpected TLS packet was received.
*** handshake has failed: An unexpected TLS packet was received.

This is breaking the Cawbird Snap package based on Bionic/Core18.

The issue affects both Bionic and Eoan.

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: gnutls-bin 3.6.9-5ubuntu1.1
ProcVersionSignature: User Name 5.3.0-46.38-generic 5.3.18
Uname: Linux 5.3.0-46-generic x86_64
ApportVersion: 2.20.11-0ubuntu8.8
Architecture: amd64
Date: Sat Apr 18 15:05:04 2020
 PATH=(custom, no user)
SourcePackage: gnutls28
UpgradeStatus: No upgrade log present (probably fresh install)

Daniel Llewellyn (diddledan) wrote :
description: updated
Changed in gnutls:
status: Unknown → Fix Released

The attachment "The upstream diff from MR1087 fixing the issue." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
description: updated
tags: added: rls-ee-incoming
Sebastien Bacher (seb128) wrote :

The issue seems fixed in focal so it's about backporting to older series

Changed in gnutls28 (Ubuntu):
importance: Undecided → High
Mathew Hodson (mhodson) wrote :

This was fixed in version 3.6.11

Changed in gnutls28 (Ubuntu Eoan):
importance: Undecided → Medium
Changed in gnutls28 (Ubuntu):
status: New → Fix Released
Changed in gnutls28 (Ubuntu Bionic):
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

The Eoan Ermine has reached end of life, so this bug will not be fixed for that release

Changed in gnutls28 (Ubuntu Eoan):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.