openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssl (Ubuntu) | Fix Released | High | Canonical Foundations Team | |
Precise | Fix Released | High | Canonical Foundations Team | |
Bug Description
in version 1.0.1-4ubuntu2, we see:
openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low
* Backport more upstream patches to work around TLS 1.2 failures
(LP #965371):
...
- Truncate the number of ciphers sent in the client hello to 50. Most
broken servers should now work.
...
-- Colin Watson <email address hidden> Wed, 18 Apr 2012 15:03:56 +0100
We have a server which offers a very small number of ciphers. When this change hit, suddenly our hosts could no longer contact this server, getting the error:
$ openssl s_client -connect HOSTNAME:9140
CONNECTED(00000003)
139736292189856
The problem here was tracked down to a failure to find a matching cipher. If we specify -cipher RC4-SSH (the only one essentially which the server permits) or -ssl3, the connection succeeds.
The problem is this truncation of the number of ciphers sent. RC4-SSH shows up at something like #74 on our list, so it is getting truncated. When we specify exactly the cipher to use, of course it works, and if we say -ssl3, then that also reduces the number which would be sent, and now RC4-SSH is in the top fifty again.
This is a pretty disastrous change, in fact; it means that openssl basically now supports only fifty ciphers at a time, and then an essentially random and unpredictable set. Not only does this mean a loss of functionality, it could be a loss in security if clients get pushed to less secure ciphers because the more secure ones happened to be after number fifty in the list.
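An added diagnostic for the failure described above (not part of the bug report or of OpenSSL): given a client cipher list in the colon-separated format that `openssl ciphers` prints, it reports where a cipher sits and which of a server's accepted ciphers are still offered after a cutoff. The function names, `TARGET-CIPHER` and the placeholder list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; names and sample data are constructed, not from the report.
# Assumption: the client offers ciphers in the order of the colon-separated
# list (the format `openssl ciphers` prints) and keeps only the first CUTOFF.

# cipher_position LIST NAME: print the 1-based position of NAME, or 0 if absent.
cipher_position() {
    local list="$1" name="$2" i=0 c
    local IFS=':'
    for c in $list; do
        i=$((i + 1))
        if [ "$c" = "$name" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# surviving_ciphers LIST CUTOFF SERVER_LIST: print the server-accepted ciphers
# that are still offered after truncation, in client preference order.
surviving_ciphers() {
    local list="$1" cutoff="$2" server="$3" i=0 c out=""
    local IFS=':'
    for c in $list; do
        i=$((i + 1))
        if [ "$i" -gt "$cutoff" ]; then break; fi
        case ":$server:" in
            *":$c:"*) out="${out:+$out:}$c" ;;
        esac
    done
    echo "$out"
}

# Constructed sample: 80 placeholder names with TARGET-CIPHER at position 74.
sample_list() {
    local i=1 out=""
    while [ "$i" -le 80 ]; do
        if [ "$i" -eq 74 ]; then out="${out:+$out:}TARGET-CIPHER"
        else out="${out:+$out:}PLACEHOLDER-$i"; fi
        i=$((i + 1))
    done
    echo "$out"
}

list=$(sample_list)   # on a real client: list=$(openssl ciphers)
echo "position: $(cipher_position "$list" TARGET-CIPHER)"
echo "offered after cutoff 50: [$(surviving_ciphers "$list" 50 TARGET-CIPHER)]"
```

An empty result from `surviving_ciphers` corresponds to the handshake failure in the report; a result that omits the server's preferred cipher corresponds to the downgrade concern.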
Changed in openssl (Ubuntu):
importance: Undecided → High
assignee: nobody → Canonical Foundations Team (canonical-foundations)
tags: added: rls-p-tracking
Changed in openssl (Ubuntu):
milestone: none → ubuntu-12.04.1
tags: added: verification-done removed: verification-needed
Changed in openssl (Ubuntu Precise):
status: Fix Released → Fix Committed
openssl s_client -showcerts -connect d3vwyrdyja2n00.cloudfront.net:443 - Fails
openssl s_client -showcerts -tls1 -connect d3vwyrdyja2n00.cloudfront.net:443 - Works