issue with TLS 1.2 session ticket handling as client during resumption

Bug #1873565 reported by Lucy Llewellyn
This bug affects 1 person
Affects            Status        Importance  Assigned to  Milestone
Gnutls             Fix Released  Unknown
gnutls28 (Ubuntu)  Fix Released  High        Unassigned
Bionic             New           Medium      Unassigned
Eoan               Won't Fix     Medium      Unassigned

Bug Description

Known upstream bug that has been fixed upstream. There is an issue with session ticket handling in GnuTLS during session resumption.

The issue is intermittent, but can eventually be reproduced by running:

gnutls-cli --resume api.twitter.com 443

When you trigger the bug the output will finish with the following two lines:

*** Fatal error: An unexpected TLS packet was received.
*** handshake has failed: An unexpected TLS packet was received.

This is breaking the Cawbird Snap package based on Bionic/Core18.

The issue affects both Bionic and Eoan.

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: gnutls-bin 3.6.9-5ubuntu1.1
ProcVersionSignature: User Name 5.3.0-46.38-generic 5.3.18
Uname: Linux 5.3.0-46-generic x86_64
ApportVersion: 2.20.11-0ubuntu8.8
Architecture: amd64
Date: Sat Apr 18 15:05:04 2020
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: No upgrade log present (probably fresh install)
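
An added example, not part of the bug report or of GnuTLS: because the failure is intermittent, a small shell harness can repeat the reproduction command and count the runs whose output ends with the failure line quoted in the description, which is useful for comparing an affected build against a fixed one. The function names are hypothetical, and redirecting stdin from /dev/null so the client exits after the handshake is an assumption.

```shell
#!/bin/sh
# Added example: repeat a command N times and count the runs whose output
# ends with the handshake failure quoted in the bug description.

# Last line of output when the bug triggers (copied from the report).
FAIL_MARKER='*** handshake has failed: An unexpected TLS packet was received.'

# is_resumption_failure OUTPUT
# Succeeds (status 0) when the last non-empty line of OUTPUT is the marker.
is_resumption_failure() {
    last=$(printf '%s\n' "$1" | sed '/^[[:space:]]*$/d' | tail -n 1)
    [ "$last" = "$FAIL_MARKER" ]
}

# count_failures N CMD [ARGS...]
# Runs CMD N times and prints how many runs ended with the marker.
# stdin comes from /dev/null so an interactive client does not wait for
# input (assumption about how the client is being driven).
count_failures() {
    n=$1
    shift
    fails=0
    i=0
    while [ "$i" -lt "$n" ]; do
        # Exit status is ignored on purpose: the verdict is based on the
        # output, matching how the report describes the failure.
        out=$("$@" </dev/null 2>&1) || true
        if is_resumption_failure "$out"; then
            fails=$((fails + 1))
        fi
        i=$((i + 1))
    done
    printf '%s\n' "$fails"
}

# Usage with the command from the report (needs network access):
#   count_failures 50 gnutls-cli --resume api.twitter.com 443
```

A count that stays at zero over many runs on a patched build, and is non-zero on the unpatched one, is the signal to look for; a single clean run proves nothing for an intermittent failure.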

Lucy Llewellyn (lucyllewy) wrote :
description: updated
Lucy Llewellyn (lucyllewy) wrote :
Changed in gnutls:
status: Unknown → Fix Released
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "The upstream diff from MR1087 fixing the issue." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
description: updated
tags: added: rls-ee-incoming
Sebastien Bacher (seb128) wrote :

The issue seems fixed in focal, so it's about backporting to older series.

Changed in gnutls28 (Ubuntu):
importance: Undecided → High
Mathew Hodson (mhodson) wrote :

This was fixed in version 3.6.11.

Changed in gnutls28 (Ubuntu Eoan):
importance: Undecided → Medium
Changed in gnutls28 (Ubuntu):
status: New → Fix Released
Changed in gnutls28 (Ubuntu Bionic):
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

The Eoan Ermine has reached end of life, so this bug will not be fixed for that release.

Changed in gnutls28 (Ubuntu Eoan):
status: New → Won't Fix
William Wilson (jawn-smith) wrote :

@diddledani the patch in comment 2 doesn't apply cleanly in bionic. Would you be able to redo the patch for bionic?

Lucy Llewellyn (lucyllewy) wrote :

There's quite a lot that doesn't apply cleanly against the source in bionic. I don't think I'm able to work through the issues with it safely.
