[Bug 1864689] Re: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox

Dimitri John Ledkov launchpad at surgut.co.uk
Tue Mar 3 19:13:59 UTC 2020 

So, in their chain of certs that they present there is still an RSA-SHA1
certificate. It shouldn't affect validation, as the other certs in the
chain are sufficient (for example gnutls-cli toodledo.com connects fine)
but it does trip up openssl:

- Certificate[3] info:
 - subject `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US', issuer `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US', serial 0x00, RSA key 2048 bits, signed using RSA-SHA1 (broken!), activated `2004-06-29 17:06:20 UTC', expires `2034-06-29 17:06:20 UTC', pin-sha256="VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8="

Now, they could remove that cert from the chain that their server uses.
But also they should not need to do this and openssl should just work.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1864689

Title:
  openssl in 20.04 can't connect to site that was fine in 19.10 and is
  fine in Chrome and Firefox

Status in openssl package in Ubuntu:
  New

Bug description:
  openssl in Ubuntu 20.04 (focal) refuses to connect to a web site that
  openssl in Ubuntu 19.10 (eoan), Chrome, and Firefox are all happy to
  connect to.

  Reproduce with: `curl -v https://www.toodledo.com/'

  or: `openssl s_client -connect www.toodledo.com:443`

  or: `python3 -c 'import requests;
  requests.get("https://www.toodledo.com/")'`

  or: `wget https://www.toodledo.com/`

  These worked in Ubuntu 19.10 and don't work in 20.04.

  I've tried all sorts of things to debug this further and I've just run
  into walls. I hope someone who understands more about this stuff will
  be able to figure it out.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssl 1.1.1d-2ubuntu3
  ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18
  Uname: Linux 5.4.0-14-generic x86_64
  ApportVersion: 2.20.11-0ubuntu18
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Feb 25 13:01:22 2020
  InstallationDate: Installed on 2019-08-16 (192 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  SourcePackage: openssl
  UpgradeStatus: Upgraded to focal on 2020-01-31 (25 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689/+subscriptions

More information about the foundations-bugs mailing list