Ubuntu
openssl package

Unable to use TLSv1.1 to connect to external servers

Bug #1878519 reported by Gordon Lack
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I'm on 20.04 LTS (Focal Fossa). (Kubuntu)

openssl (I'm on 1.1.1f-1ubuntu2) appears to now be set to use a minimum of TLSv1.2

This is despite the fact that the Changelog (https://launchpad.net/ubuntu/+source/openssl/+changelog) says:
      Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".

As a result of this I can't get fetchmail to connect to an external IMPA server I use, which only uses TLSv1.1

I *can* get:
  openssl s_client -state -cipher "DEFAULT:@SECLEVEL=1" -connect ... -starttls imap
to open a connexion, but I can find no way of getting that option into a configuration file such that it is used.

Consequently I cannot use a secure connexion to retrieve my emails.

All was fine in 19.10.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
Revision history for this message
Andrea Giudiceandrea (andreaerdna) wrote :

See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689/comments/13 for a workaround.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Instructions on how to make your system insecure and easy to hack are here https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/8?u=xnox

Changed in openssl (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.