[Bug 1051892] Re: [Quantal] Regression in TLS 1.2 workarounds
Tyler Hicks
tyhicks at canonical.com
Thu Oct 4 21:23:16 UTC 2012
The www.mediafire.com:443 is expected. See here :
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/comments/22
The www.evernote.com:443 failure may have been a bad test.
evernote.com:443 (note the lack of 'www.') passes in all three test
environments so I'm not going to look into this any more.
Since the debdiff above solves the regression and causes OpenSSL to
operate as well as it does in Precise, I feel it is ready for
sponsorship.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1051892
Title:
[Quantal] Regression in TLS 1.2 workarounds
Status in OpenSSL cryptography and SSL/TLS toolkit:
Unknown
Status in “openssl” package in Ubuntu:
Triaged
Bug description:
openssl 1.0.1c-3ubuntu1 dropped almost all of
debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
release contained the changes.
However, the dropped pieces of tls12_workarounds.patch had a subtle
difference from upstream. In the Ubuntu patch, ssl23_client_hello()
checked the *client* TLS version when deciding if the cipher list
should be truncated or not for TLS 1.2. The upstream code
(http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS
version, which I believe is incorrect since the ServerHello hasn't
even occurred yet in order to negotiate the TLS version.
The change from TLS1_get_versions() to TLS1_get_client_versions() was
discussed here:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4
This bug can be reproduced with the following command:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/
It will fail unless -tls1 is specified like so:
$ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
/etc/ssl/certs/ -tls1
Making this change fixes the problem (ssl3_client_hello() will
probably need the same change):
--- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700
@@ -491,7 +491,7 @@
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION
&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
#endif
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1051892/+subscriptions
More information about the Ubuntu-sponsors
mailing list