[Bug 1051892] [NEW] [Quantal] Regression in TLS 1.2 workarounds
Tyler Hicks
tyhicks at canonical.com
Mon Sep 17 10:06:52 UTC 2012
Public bug reported:
openssl 1.0.1c-3ubuntu1 dropped almost all of
debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
release contained the changes.
However, the dropped pieces of tls12_workarounds.patch had a subtle
difference from upstream. In the Ubuntu patch, ssl23_client_hello()
checked the *client* TLS version when deciding if the cipher list should
be truncated or not for TLS 1.2. The upstream code checks the *server*
TLS version, which I believe is incorrect since the ServerHello hasn't
even occurred yet. The upstream commit can be found here:
http://cvs.openssl.org/chngview?cn=22408
The change from TLS1_get_versions() to TLS1_get_client_versions() was
discussed here:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/ -tls1
Making this change fixes the problem (ssl3_client_hello() will probably
need the same change):
--- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
** Affects: openssl (Ubuntu)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Triaged
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1051892
Title:
[Quantal] Regression in TLS 1.2 workarounds
Status in “openssl” package in Ubuntu:
Triaged
Bug description:
openssl 1.0.1c-3ubuntu1 dropped almost all of
debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
release contained the changes.
However, the dropped pieces of tls12_workarounds.patch had a subtle
difference from upstream. In the Ubuntu patch, ssl23_client_hello()
checked the *client* TLS version when deciding if the cipher list
should be truncated or not for TLS 1.2. The upstream code checks the
*server* TLS version, which I believe is incorrect since the
ServerHello hasn't even occurred yet. The upstream commit can be found
here:
http://cvs.openssl.org/chngview?cn=22408
The change from TLS1_get_versions() to TLS1_get_client_versions() was
discussed here:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/ -tls1
Making this change fixes the problem (ssl3_client_hello() will
probably need the same change):
--- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1051892/+subscriptions
More information about the foundations-bugs
mailing list