[Bug 1864689] Re: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox
Jonathan Kamens
jik at kamens.brookline.ma.us
Fri Feb 28 13:18:21 UTC 2020
There is still something wrong here.
The site in question has fixed the issue in response to my query, and
SSL Labs now gives it an A grade:
https://www.ssllabs.com/ssltest/analyze.html?d=www.toodledo.com
According to SSL Labs, it supports these two ciphers for TLS 1.2:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
According to openssl ciphers -s -V, both of these are supported by
openssl:
$ openssl ciphers -s -V | egrep '0xC0,0x(30|2F)'
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
And yet I'm still unable to connect to this server through openssl
unless I downgrade the security level to 1.
You mentioned there being an SHA1 certificate in the chain, but I don't
see one. The certs all seem to be SHA256.
I cannot find any evidence that security level 2 blocks the use of
certificates with lifetimes of more than a year. Is that an undocumented
"feature" of security level 2?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1864689
Title:
openssl in 20.04 can't connect to site that was fine in 19.10 and is
fine in Chrome and Firefox
Status in openssl package in Ubuntu:
New
Bug description:
openssl in Ubuntu 20.04 (focal) refuses to connect to a web site that
openssl in Ubuntu 19.10 (eoan), Chrome, and Firefox are all happy to
connect to.
Reproduce with: `curl -v https://www.toodledo.com/`
or: `openssl s_client -connect www.toodledo.com:443`
or: `python3 -c 'import requests; requests.get("https://www.toodledo.com/")'`
or: `wget https://www.toodledo.com/`
These worked in Ubuntu 19.10 and don't work in 20.04.
I've tried all sorts of things to debug this further and I've just run
into walls. I hope someone who understands more about this stuff will
be able to figure it out.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: openssl 1.1.1d-2ubuntu3
ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18
Uname: Linux 5.4.0-14-generic x86_64
ApportVersion: 2.20.11-0ubuntu18
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Feb 25 13:01:22 2020
InstallationDate: Installed on 2019-08-16 (192 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
SourcePackage: openssl
UpgradeStatus: Upgraded to focal on 2020-01-31 (25 days ago)
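
The cipher cross-check from the message above, repeated per security level. This is an added example, not part of the original report: it assumes Python's ssl module linked against the local OpenSSL, and the function names are hypothetical. It takes the two code points SSL Labs listed and reports whether the local library still enables each one at @SECLEVEL=1 and @SECLEVEL=2, which separates "cipher removed by the security level" from other level-dependent checks.

```python
import ssl

# Code points SSL Labs reported for the server (copied from the message above).
SERVER_SUITES = {
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def enabled_suites(seclevel, cipher_string="DEFAULT"):
    """Return {16-bit code point: OpenSSL name} for every suite the local
    libssl enables with the given cipher string and security level."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(f"{cipher_string}:@SECLEVEL={seclevel}")
    # get_ciphers() gives OpenSSL's 32-bit id (e.g. 0x0300C030); the low
    # 16 bits are the code point in SSL Labs' notation (0xc030).
    return {c["id"] & 0xFFFF: c["name"] for c in ctx.get_ciphers()}


def overlap_by_level(server_suites=SERVER_SUITES, levels=(1, 2)):
    """For each level, map each server code point to the local OpenSSL
    cipher name, or None if that level disables the suite."""
    report = {}
    for level in levels:
        local = enabled_suites(level)
        report[level] = {code: local.get(code) for code in server_suites}
    return report


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for level, suites in overlap_by_level().items():
        for code, name in suites.items():
            status = name or "not enabled at this level"
            print(f"SECLEVEL={level}  0x{code:04X}  "
                  f"{SERVER_SUITES[code]:<40} {status}")
```

If both suites are listed at both levels, the cipher list is not what differs between level 1 and level 2 for this server.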