2012-09-17 10:06:52 |
Tyler Hicks |
bug |
|
|
added bug |
2012-09-17 10:09:01 |
Tyler Hicks |
openssl (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
2012-09-18 00:14:42 |
Tyler Hicks |
description |
openssl 1.0.1c-3ubuntu1 dropped almost all of debian/patches/tls12_workarounds.patch because the upstream 1.0.1c release contained the changes.
However, the dropped pieces of tls12_workarounds.patch had a subtle difference from upstream. In the Ubuntu patch, ssl23_client_hello() checked the *client* TLS version when deciding if the cipher list should be truncated or not for TLS 1.2. The upstream code checks the *server* TLS version, which I believe is incorrect since the ServerHello hasn't even occurred yet. The upstream commit can be found here:
http://cvs.openssl.org/chngview?cn=22408
The change from TLS1_get_versions() to TLS1_get_client_versions() was discussed here:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/ -tls1
Making this change fixes the problem (ssl3_client_hello() will probably need the same change):
--- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif |
openssl 1.0.1c-3ubuntu1 dropped almost all of debian/patches/tls12_workarounds.patch because the upstream 1.0.1c release contained the changes.
However, the dropped pieces of tls12_workarounds.patch had a subtle difference from upstream. In the Ubuntu patch, ssl23_client_hello() checked the *client* TLS version when deciding if the cipher list should be truncated or not for TLS 1.2. The upstream code (http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS version, which I believe is incorrect since the ServerHello hasn't even occurred yet in order to negotiate the TLS version.
The change from TLS1_get_versions() to TLS1_get_client_versions() was discussed here:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/ -tls1
Making this change fixes the problem (ssl3_client_hello() will probably need the same change):
--- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif |
|
2012-09-18 06:33:25 |
Gianfranco Costamagna |
bug |
|
|
added subscriber LocutusOfBorg |
2012-10-03 08:33:10 |
Tyler Hicks |
bug watch added |
|
http://rt.openssl.org/Ticket/Display.html?id=2881 |
|
2012-10-03 08:33:10 |
Tyler Hicks |
bug task added |
|
openssl |
|
2012-10-03 21:14:46 |
James Troup |
bug |
|
|
added subscriber The Canonical Sysadmins |
2012-10-03 21:15:13 |
James Troup |
tags |
|
rls-q-incoming |
|
2012-10-03 21:15:39 |
Sean Sosik-Hamor |
bug |
|
|
added subscriber Sean Sosik-Hamor |
2012-10-04 21:07:51 |
Tyler Hicks |
attachment added |
|
openssl_1.0.1c-3ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1051892/+attachment/3373510/+files/openssl_1.0.1c-3ubuntu2.debdiff |
|
2012-10-04 21:11:29 |
Tyler Hicks |
openssl (Ubuntu): assignee |
Tyler Hicks (tyhicks) |
|
|
2012-10-04 21:11:43 |
Tyler Hicks |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2012-10-05 15:16:27 |
Micah Gersten |
tags |
rls-q-incoming |
quantal regression-release rls-q-incoming |
|
2012-10-05 15:16:34 |
Micah Gersten |
nominated for series |
|
Ubuntu Quantal |
|
2012-10-05 15:16:34 |
Micah Gersten |
bug task added |
|
openssl (Ubuntu Quantal) |
|
2012-10-05 15:17:03 |
Micah Gersten |
openssl (Ubuntu Quantal): status |
Triaged |
In Progress |
|
2012-10-05 15:17:03 |
Micah Gersten |
openssl (Ubuntu Quantal): assignee |
|
Micah Gersten (micahg) |
|
2012-10-05 17:04:58 |
Micah Gersten |
openssl (Ubuntu Quantal): status |
In Progress |
Fix Committed |
|
2012-10-05 17:04:58 |
Micah Gersten |
openssl (Ubuntu Quantal): assignee |
Micah Gersten (micahg) |
|
|
2012-10-05 17:05:07 |
Micah Gersten |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2012-10-07 01:59:13 |
Launchpad Janitor |
openssl (Ubuntu Quantal): status |
Fix Committed |
Fix Released |
|
2013-12-11 06:21:11 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/openssl |
|
2018-06-27 10:12:02 |
Bug Watch Updater |
openssl: status |
Unknown |
Fix Released |
|