Ubuntu
lighttpd package

lighttpd broken by OpenSSL update

Bug #1832295 reported by Jim Tittsler on 2019-06-11

This bug affects 4 people

Affects

Status

Importance

Assigned to

Milestone

lighttpd (Ubuntu)

Confirmed

Undecided

Unassigned

You need to log in to change this bug's status.

Affecting:	lighttpd (Ubuntu)
Filed here by:	Jim Tittsler
When:	2019-06-11
Confirmed:	2019-06-12

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Undecided

Assigned to

	Nobody
	Me

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

After installing today's bionic OpenSSL update (1.1.0g-2ubuntu4.3 -> 1.1.1-1ubuntu2.1~18.04.1 and associated libraries) SSL is broken in lighttpd 1.4.45-1ubuntu3. The logs are full of messages of the form:

2019-06-11 12:02:20: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection

Perhaps problem with TLS v1.3 negotiation? (And the version of lighttpd is too old to have the ssl.openssl.ssl-conf-cmd directive to try to disable it.)

Description: Ubuntu 18.04.2 LTS
Release: 18.04

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: lighttpd 1.4.45-1ubuntu3
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Tue Jun 11 14:18:55 2019
SourcePackage: lighttpd
UpgradeStatus: Upgraded to bionic on 2018-06-10 (365 days ago)
modified.conffile..etc.lighttpd.conf-available.10-cgi.conf: [modified]
modified.conffile..etc.lighttpd.lighttpd.conf: [modified]
mtime.conffile..etc.lighttpd.conf-available.10-cgi.conf: 2015-07-16T10:18:19.857892
mtime.conffile..etc.lighttpd.lighttpd.conf: 2019-06-11T12:01:59.493213

Tags: Edit Tag help

Jim Tittsler (jwt) wrote on 2019-06-11:

Dependencies.txt Edit (2.0 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (948 bytes, text/plain; charset="utf-8")
ProcEnviron.txt Edit (331 bytes, text/plain; charset="utf-8")

Jim Tittsler (jwt) wrote on 2019-06-11:

A Debian bug suggests that lighttpd < 1.4.51 is broken by libssl 1.1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558

Launchpad Janitor (janitor) wrote on 2019-06-12:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lighttpd (Ubuntu):
status:	New → Confirmed

Jim Tittsler (jwt) wrote on 2019-06-12:

Simply rebuilding the source deb against the new libraries isn't enough to make it work.

Jim Tittsler (jwt) wrote on 2019-06-14:

To eliminate further downtime, I built/installed lighttpd 1.4.54 which resolved the problem.

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

debbugs #913558
[done important] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulighttpd package