[Bug 1976339] [NEW] Openssl update to 1.0.2g-1ubuntu4.20+esm3 Breaks Php Openssl_get_cipher_methods Function

Dimitar Dimitrov 1976339 at bugs.launchpad.net
Tue May 31 07:46:37 UTC 2022 

Public bug reported:

The system is Ubuntu 16.04 with ESM support.
After the update (28.5.2022) of openssl and libssl1.0.0 packages from 1.0.2g-1ubuntu4.20+esm2 to 1.0.2g-1ubuntu4.20+esm3 the php function openssl_get_cipher_methods (php7 from the distribution) is broken.
It randomly returns empty array when called.
Testing from php-cli it always returns proper data.
Testing with web server most of the times it returns an empty array.
Tested with apache + mod-php and apache + php-fpm.
Downgrading to versions to 1.0.2g-1ubuntu4.20 fixes the problem.
This downgrade makes the systems work, but introduces security risks.

An example code to reproduce the issue:
--------------------------------
<?php
$ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);

echo implode($ciphers);

print_r($ciphers);
print_r($cipher_aliases);
?>
----------------------------

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1976339

Title:
  Openssl update to 1.0.2g-1ubuntu4.20+esm3 Breaks Php
  Openssl_get_cipher_methods Function

Status in openssl package in Ubuntu:
  New

Bug description:
  The system is Ubuntu 16.04 with ESM support.
  After the update (28.5.2022) of openssl and libssl1.0.0 packages from 1.0.2g-1ubuntu4.20+esm2 to 1.0.2g-1ubuntu4.20+esm3 the php function openssl_get_cipher_methods (php7 from the distribution) is broken.
  It randomly returns empty array when called.
  Testing from php-cli it always returns proper data.
  Testing with web server most of the times it returns an empty array.
  Tested with apache + mod-php and apache + php-fpm.
  Downgrading to versions to 1.0.2g-1ubuntu4.20 fixes the problem.
  This downgrade makes the systems work, but introduces security risks.

  An example code to reproduce the issue:
  --------------------------------
  <?php
  $ciphers = openssl_get_cipher_methods();
  $ciphers_and_aliases = openssl_get_cipher_methods(true);
  $cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);

  echo implode($ciphers);

  print_r($ciphers);
  print_r($cipher_aliases);
  ?>
  ----------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1976339/+subscriptions

More information about the foundations-bugs mailing list