Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2

Bug #1256576 reported by Jeffrey Walton
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

The long term support version of Ubuntu 12.04 provides OpenSSL 1.0.0. A wireshark trace shows the version of OpenSSL used by Ubuntu does not support TLS 1.2. According to the change logs, TLS 1.2 support was added 14 March 2012. The change log can be found at http://www.openssl.org/news/changelog.html, and the TLS additions can be found under the heading "Changes between 1.0.0h and 1.0.1".

$ ldd /usr/lib/x86_64-linux-gnu/libssl.so
    linux-vdso.so.1 => (0x00007fffd9d84000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(0x00007f1e0691e000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1e0655e000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1e06359000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1e06142000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1e06f6d000)

***********

OpenSSL 1.0.1 is compatible with 1.0.0. From the OpenSSL FAQ (http://www.openssl.org/support/faq.html):

8. How does the versioning scheme work?

After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter releases (e.g. 1.0.1a) can only contain bug and security fixes and no new features. Minor releases change the last number (e.g. 1.0.2) and can contain new features that retain binary compatibility. Changes to the middle number are considered major releases and neither source nor binary compatibility is guaranteed.

**********

By the way, its nearly impossible to file a bug report through the launch pad. The maze that's been created is impossible to navigate, and its worse than one of those phone menu systems. I had to look up the URL to file at http://www.cryptopp.com/wiki/Talk:Linux. Great job to the designers of the system. Its probably the same idiots who thought a tablet manager was a great idea on the desktop..

CVE References

Revision history for this message
Jeffrey Walton (noloader) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1256576/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Revision history for this message
Jeffrey Walton (noloader) wrote :

Sorry guys. I can't find the OpenSSL package, so I cant classify this.

affects: ubuntu → openssl
affects: openssl → openssl (Ubuntu)
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Ubuntu 12.04 contains openssl 1.0.1, which supports TLS v1.2.

Unfortunately, because of the large number of sites which incorrectly handled TLS v1.2 negotiation, we had to disable TLS v1.2 on the client.

See the following bugs for more information:

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452

Changed in openssl (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Marko Kreen (markokr) wrote :

There are 2 issues with OpenSSL/TLSv1.2 in Ubuntu. I'm on 12.04, but I see the same patch in newer Ubuntu versions.

1) TLSv1.2 is removed from SSLv23_method(). It's technically fine policy decision. But I think it should be reverted at least new Ubuntu versions. All the sites mentioned in +1y old bugs work fine now with TLSv1.2 requests. And several high-profile browsers are now using TLSv1.2 protocol by default (IE11, Chrome, Safari), so any remaining problematic sites will feel pain if they don't fix.

Eg, see site and browser state here: https://www.ssllabs.com/ssltest/analyze.html?d=mediafire.com

My suggestion: remove this limitation at least from 14.04.

2) TLSv1.2 ciphersuite list is cut to first 25. Thanks to 1) this will affect only apps requesting TLSv1.2 explicitly. It allows only AES256 ciphersuites, which is not big problem. But it also disables secure renegotation, which is signaled with extra ciphersuite.

IOW: apps that want the "newest and most secure TLS version" get crippled protocol instead connection failure if some middleware box fails.

My suggestion: please revert this patch from everywhere. It's dumb idea to force "max-compat" to apps that explicitly want TLSv1.2.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Browsers use NSS, which doesn't have the same compatibility issues OpenSSL has. (GnuTLS doesn't seem to have the issues either) Also, they've implemented workarounds by retrying connections without TLSv1.2 when the initial connection failed.

That being said, we'll evaluate whether we can re-enable TLSv1.2 for trusty soon.

Revision history for this message
Jeffrey Walton (noloader) wrote :

> Ubuntu 12.04 contains openssl 1.0.1, which supports TLS v1.2.
My bad.... I should have been using `apt-cache show` instead of `ldd`.

> Unfortunately, because of the large number of sites which incorrectly handled
> TLS v1.2 negotiation, we had to disable TLS v1.2 on the client.
>
> See the following bugs for more information:
>
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452
I think Marko is probably right - it might be time to revisit some of these decisions made to help the users since the reasons appear no longer valid. From the list of broken sites provided in the bug reports above:

Mediafire: OK per Marko
Saleforce now supports TLSv1.2: https://www.ssllabs.com/ssltest/analyze.html?d=salesforce.com
Facebook now supports TLSv1.2: https://www.ssllabs.com/ssltest/analyze.html?d=graph.facebook.com
Payapl now supports TLSv1.2: https://www.ssllabs.com/ssltest/analyze.html?d=paypal.com
Sourceforge now supports TLSv1.2: https://www.ssllabs.com/ssltest/analyze.html?d=sourceforge.net

As for the broken libraries, such as Python and libcurl, they need to fix their stuff. I can't speak to Python (I nothing about the developers or development process). But I know Daniel at the Curl project l is a awesome leader, the project has a great engineering process and the library performs to expectations.

> Browsers use NSS, which doesn't have the same compatibility issues OpenSSL has.
Not all clients are browsers. Here's from a dev machine *not* loaded with anything other than compilers and associated tools:

    $ apt-cache rdepends openssl | wc -l
    122

I imaging the number would increase if IRC, chat clients and other messaging software was added.

The real problem here is philosophical. It includes the "common case" is taken and not the "worse case". Some folks depend upon these protocols for their lives. Those people would include dissidents under oppressive regimes. We have a moral obligation to get it right for folks who have more to lose than we do. Personally (as a US citizen), I'm embarrassed by all the US human rights violations perpetrated by my country (privacy is a right in many non-US countries in the world). ... Unless, of course, someone thinks Diginotar was a massive spear phishing ploy and Snowden was lying.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

FYI, I have re-enabled full TLSv1.2 support in the dev release (Ubuntu 14.04 LTS).
It is being tracked in bug 1257877

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
Revision history for this message
Jeffrey Walton (noloader) wrote :

OpenSSL 1.0.1f was released today. http://marc.info/?l=openssl-announce&m=138902140315854&w=2.

There are three CVE remediations included in the release: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450. http://www.openssl.org/news/openssl-1.0.1-notes.html.

There's also an Apple SecureTransport bug workaround. Apple's SecrureTransport does not properly negotiate ECDHE_ECDSA cipher suites. It affects Mac OS X and could affect iOS (you know how Apple is about their security mistakes...). It might be prudent to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default. http://<email address hidden>/msg32629.html.

Now might be a good time to revisit TLSv1.1 and TLSv1.2 support.

Revision history for this message
Jeffrey Walton (noloader) wrote :

Closing due to "USN-2367-1: OpenSSL update", http://www.ubuntu.com/usn/usn-2367-1/.

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

That USN doesn't re-enable TLSv1.2 by default for clients in Ubuntu 12.04. It simply fixes an issue if someone _forced_ TLSv1.2 to be enabled.

Revision history for this message
RedScourge (redscourge) wrote :

This new TLS 1.2 support does not seem to be reflected in Apache2 on 12.04 LTS. It's all well and good that OpenSSL may now be running 1.0.1, but it does not look as though apache has been recompiled against it, and so it is still stuck with only TLS 1.0, which is vunerable to the BEAST attack, thereby making anyone running a webserver on this release PCI non-compliant.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Apache2 in 12.04 supports TLSv1.2 just fine, I've been running test scripts against it.

Revision history for this message
spbike (bill-broadley) wrote :

Mark what exact tests did you run? https://www.ssllabs.com/ssltest/analyze.html by chance?

In your apache config file did you have:
SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

Reference for that command (Ubuntu 12.04 uses apache 2.2):
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Revision history for this message
Jeffrey Walton (noloader) wrote :

This can now be closed due to USN-2606-1 (http://www.ubuntu.com/usn/usn-2606-1/).

Good work. I'm glad to see TLS 1.2 is now available to LTS.

Revision history for this message
richard verbrugge (armedia) wrote :

Marc Deslauriers (mdeslaur) wrote on 2013-12-02:
Unfortunately, because of the large number of sites which incorrectly handled TLS v1.2 negotiation, we had to disable TLS v1.2 on the client.

Marc Deslauriers (mdeslaur) wrote on 2014-12-08: #15
Apache2 in 12.04 supports TLSv1.2 just fine, I've been running test scripts against it.

Hi Marc,
I'm running 12.04 and nginx. Is TLSv1.2 enabled on my config?
We are updating to 16.04 but need a quick fix.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

TLSv1.2 was re-enabled in Ubuntu 12.04 LTS in May 2015, so if you install all the updates, you should be getting it.

Revision history for this message
richard verbrugge (armedia) wrote :

Jeffrey Walton (noloader) wrote on 2015-05-12: #17
This can now be closed due to USN-2606-1 (http://www.ubuntu.com/usn/usn-2606-1/).

Good work. I'm glad to see TLS 1.2 is now available to LTS.
-------------

Ohhhh It does work on Apache now. Does it work on nginx also?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.