[Bug 1018998] [NEW] SSL_OP_ALL incorrectly disables TLS 1.1
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jun 28 19:55:54 UTC 2012
*** This bug is a security vulnerability ***
Public security bug reported:
From the openssl 1.0.1b changelog:
*) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
mean any application compiled against OpenSSL 1.0.0 headers setting
SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disabling
TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
0x10000000L. Any application which was previously compiled against
OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
will need to be recompiled as a result. Letting it be results in an
inability to specifically disable TLS 1.1 and, in client context,
in the unlikely event, limits the maximum offered version to TLS 1.0.
Any package in the repo that got compiled on oneiric, or on precise
before 2012-03-24 02:03:49 EDT, got compiled with SSL_OP_ALL set to
0x80000FFFL, and is telling openssl on precise to disable TLS v1.1.
openssl 1.0.1 had SSL_OP_ALL set to 0x80000BFFL.
We have two choices:
1- We rebuild all packages that are in the archive that were built
before 2012-03-24 02:03:49 EDT so they set SSL_OP_ALL to 0x80000BFFL.
Unfortunately, that means when we push 1.0.1b to quantal, they will no
longer be able to use SSL_OP_NO_TLSv1_1 to disable TLS v1.1 during
runtime.
2- We issue an openssl security update for precise and quantal that
switches SSL_OP_NO_TLSv1_1 to 0x10000000L, as in 1.0.1b. This means old
applications will not disable TLS v1.1 by accident, but will no longer
be able to use SSL_OP_NO_TLSv1_1 to disable TLS v1.1 during runtime. If
some applications are known to rely on runtime disabling of TLS v1.1, we
can simply rebuild them once the openssl security update has been pushed
out.
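The bug and both proposed fixes come down to one thing: SSL_OP_* values are baked into the application at compile time, but the meaning of each bit is decided by whichever libssl is loaded at runtime. The following is an added, self-contained model of that skew (it is not OpenSSL code and does not link against libssl); the only real values in it are the four constants taken from the changelog quoted above, and the "library version" enum, the helper names and the two-version protocol model are assumptions made for the illustration. It checks which bit of the 1.0.0-era SSL_OP_ALL collides with the 1.0.1 SSL_OP_NO_TLSv1_1, then walks through the four build/run combinations the report discusses: an old binary on 1.0.1 (TLS 1.1 wrongly off), the same binary after the 0x10000000L change (fixed), a 1.0.1-built binary that deliberately set SSL_OP_NO_TLSv1_1 and is now run on the patched library (disable silently lost, hence the rebuild), and that binary rebuilt against the new headers.

```c
#include <stdio.h>

/* Values copied from the OpenSSL 1.0.1b changelog quoted in the report. */
#define SSL_OP_ALL_100         0x80000FFFUL  /* SSL_OP_ALL, OpenSSL 1.0.0 headers      */
#define SSL_OP_ALL_101         0x80000BFFUL  /* SSL_OP_ALL, OpenSSL 1.0.1/1.0.1a headers */
#define SSL_OP_NO_TLSv1_1_101  0x00000400UL  /* SSL_OP_NO_TLSv1_1 in 1.0.1/1.0.1a       */
#define SSL_OP_NO_TLSv1_1_101B 0x10000000UL  /* SSL_OP_NO_TLSv1_1 from 1.0.1b on        */

/* Hypothetical stand-in for "which libssl is loaded at runtime". */
enum lib_version { LIB_101, LIB_101B };

/* The bit the running library interprets as "disable TLS 1.1". */
static unsigned long no_tlsv1_1_bit(enum lib_version lib)
{
    return lib == LIB_101 ? SSL_OP_NO_TLSv1_1_101 : SSL_OP_NO_TLSv1_1_101B;
}

/* Bits that an old SSL_OP_ALL sets but the newer SSL_OP_ALL no longer
 * contains; with the changelog values this is exactly 0x400, the bit
 * 1.0.1 reused for SSL_OP_NO_TLSv1_1. */
unsigned long stray_bits(unsigned long old_all, unsigned long new_all)
{
    return old_all & ~new_all;
}

/* 1 if the running library treats this options word as disabling TLS 1.1. */
int tls11_disabled(unsigned long opts, enum lib_version lib)
{
    return (opts & no_tlsv1_1_bit(lib)) != 0;
}

/* Highest minor version a client would offer in a simplified world where
 * only TLS 1.0 and TLS 1.1 exist (an assumption of this model): 0 or 1. */
int max_client_minor(unsigned long opts, enum lib_version lib)
{
    return tls11_disabled(opts, lib) ? 0 : 1;
}

static void show(const char *label, unsigned long opts, enum lib_version lib)
{
    printf("%-52s opts=0x%08lx  TLS1.1 %s  max=TLS1.%d\n", label, opts,
           tls11_disabled(opts, lib) ? "off" : "on ",
           max_client_minor(opts, lib));
}

int main(void)
{
    printf("stray bit from 1.0.0 SSL_OP_ALL: 0x%lx\n",
           stray_bits(SSL_OP_ALL_100, SSL_OP_ALL_101));

    /* The bug: binary built on oneiric / early precise, run on 1.0.1. */
    show("built vs 1.0.0 headers, run on 1.0.1", SSL_OP_ALL_100, LIB_101);
    /* Option 2: same binary after the security update moves the bit. */
    show("built vs 1.0.0 headers, run on 1.0.1b", SSL_OP_ALL_100, LIB_101B);
    /* Option 1: binary rebuilt with 1.0.1 headers, run on 1.0.1. */
    show("built vs 1.0.1 headers, run on 1.0.1", SSL_OP_ALL_101, LIB_101);
    /* App that deliberately disabled TLS 1.1 under 1.0.1 headers, then the
     * library is updated underneath it: the disable is silently lost. */
    show("built vs 1.0.1 headers + NO_TLSv1_1, run on 1.0.1b",
         SSL_OP_ALL_101 | SSL_OP_NO_TLSv1_1_101, LIB_101B);
    /* The same app rebuilt against 1.0.1b headers. */
    show("rebuilt vs 1.0.1b headers + NO_TLSv1_1, run on 1.0.1b",
         SSL_OP_ALL_101 | SSL_OP_NO_TLSv1_1_101B, LIB_101B);
    return 0;
}
```

The third show() line is the caveat behind both options: whichever way the archive goes, any package that sets SSL_OP_NO_TLSv1_1 on purpose has to be rebuilt against headers that agree with the installed libssl, because nothing at load time detects that the bit moved.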
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: openssl (Ubuntu Precise)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: openssl (Ubuntu Quantal)
Importance: Undecided
Status: Confirmed
** Tags: rls-q-incoming
** Also affects: openssl (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Quantal)
Importance: Undecided
Status: New
** Tags added: rls-q-incoming
https://bugs.launchpad.net/bugs/1018998