[Bug 1550643] [NEW] Please backport OpenSSL SNI signature algorithms fix.
David Benjamin
1550643 at bugs.launchpad.net
Sat Feb 27 05:13:23 UTC 2016
Public bug reported:

If an OpenSSL consumer uses SSL_set_SSL_CTX (very commonly done with
SNI), OpenSSL 1.0.1i and earlier lose internal state relating to TLS 1.2
which causes it to forget the peer's digest preferences. The end result
is such servers will *only* sign SHA-1 ServerKeyExchanges in TLS 1.2,
even if the peer advertises other hashes or even doesn't advertise SHA-1
at all.

See:
https://rt.openssl.org/Ticket/Display.html?id=3560
https://bugzilla.redhat.com/show_bug.cgi?id=1150033
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
http://www.ietf.org/mail-archive/web/tls/current/msg19195.html

Glancing at packages.ubuntu.com, this seems to affect Ubuntu vivid and
below. It would be greatly appreciated if you would backport this fix to
all applicable releases so Ubuntu servers do not become the limiting
factor in someday removing SHA-1 here.

The links above should have reproduction steps you can use to confirm
the bug and test the fix. (Note that it requires a build of OpenSSL
1.0.2 to confirm the bug. OpenSSL 1.0.1's s_client doesn't print the
necessary information.)

** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1550643
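
Added example, not part of the bug report or of OpenSSL: a check for the symptom described above, comparing the hash a server used to sign a TLS 1.2 ServerKeyExchange with the signature_algorithms list the client advertised. It assumes ECDHE with named_curve parameters; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

SHA1 = 2  # HashAlgorithm value for sha1 (RFC 5246, 7.4.1.4.1)

def parse_sigalgs_ext(data: bytes):
    """signature_algorithms extension_data -> [(hash, sig), ...]"""
    if len(data) < 2:
        raise ValueError("truncated extension")
    (n,) = struct.unpack_from("!H", data, 0)
    if n % 2 or n + 2 != len(data):
        raise ValueError("malformed signature_algorithms extension")
    return [(data[i], data[i + 1]) for i in range(2, 2 + n, 2)]

def parse_ecdhe_ske(msg: bytes):
    """TLS 1.2 ECDHE ServerKeyExchange handshake message -> (hash, sig) it was signed with."""
    if len(msg) < 4 or msg[0] != 12:
        raise ValueError("not a ServerKeyExchange")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 4 or body[0] != 3:
        raise ValueError("only named_curve ECDHE parameters are handled")
    off = 4 + body[3]  # skip curve_type(1), named_curve(2), point_len(1), point
    if len(body) < off + 4:
        raise ValueError("truncated ServerKeyExchange")
    (siglen,) = struct.unpack_from("!H", body, off + 2)
    if off + 4 + siglen != len(body):
        raise ValueError("signature length mismatch")
    return body[off], body[off + 1]

def classify(offered_ext: bytes, ske: bytes) -> str:
    """Compare the server's signing choice against what the client advertised."""
    offered, used = parse_sigalgs_ext(offered_ext), parse_ecdhe_ske(ske)
    if used not in offered:
        return "not-offered"            # e.g. SHA-1 signed although the client never listed it
    if used[0] == SHA1 and any(h > SHA1 and s == used[1] for h, s in offered):
        return "sha1-despite-stronger"  # permitted, but matches the symptom in this report
    return "ok"

def sample_ske(h: int, s: int) -> bytes:
    """Constructed sample: the secp256r1 point and the signature are zero filler."""
    body = bytes([3, 0, 23, 65, 4]) + bytes(64) + bytes([h, s]) + struct.pack("!H", 256) + bytes(256)
    return bytes([12]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    no_sha1 = bytes([0, 4, 4, 1, 5, 1])    # client offers sha256+rsa, sha384+rsa
    with_sha1 = bytes([0, 4, 4, 1, 2, 1])  # client offers sha256+rsa, sha1+rsa
    for ext, ske in [(no_sha1, sample_ske(2, 1)), (with_sha1, sample_ske(2, 1)),
                     (with_sha1, sample_ske(4, 1))]:
        print(classify(ext, ske))
```
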