[Bug 1051892] [NEW] [Quantal] Regression in TLS 1.2 workarounds

Launchpad Bug Tracker 1051892 at bugs.launchpad.net
Thu Oct 4 21:11:43 UTC 2012 

You have been subscribed to a public bug by Tyler Hicks (tyhicks):

openssl 1.0.1c-3ubuntu1 dropped almost all of
debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
release contained the changes.

However, the dropped pieces of tls12_workarounds.patch had a subtle
difference from upstream. In the Ubuntu patch, ssl23_client_hello()
checked the *client* TLS version when deciding if the cipher list should
be truncated or not for TLS 1.2. The upstream code
(http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS
version, which I believe is incorrect since the ServerHello hasn't even
occurred yet in order to negotiate the TLS version.

The change from TLS1_get_versions() to TLS1_get_client_versions() was
discussed here:

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4

This bug can be reproduced with the following command:

$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/

It will fail unless -tls1 is specified like so:

$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/ -tls1

Making this change fixes the problem (ssl3_client_hello() will probably
need the same change):

--- openssl-1.0.1c.orig/ssl/s23_clnt.c  2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c       2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
                         * as hack workaround chop number of supported ciphers
                         * to keep it well below this if we use TLS v1.2
                         */
-                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                       if (TLS1_get_client_version(s) >= TLS1_2_VERSION
                                && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
                                i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
 #endif

** Affects: openssl
     Importance: Unknown
         Status: Unknown

** Affects: openssl (Ubuntu)
     Importance: High
         Status: Triaged


** Tags: rls-q-incoming
-- 
[Quantal] Regression in TLS 1.2 workarounds
https://bugs.launchpad.net/bugs/1051892
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list