[Bug 1051892] Re: [Quantal] Regression in TLS 1.2 workarounds

Tyler Hicks tyhicks at canonical.com
Thu Oct 4 21:23:16 UTC 2012 

The www.mediafire.com:443 is expected. See here :
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/comments/22

The www.evernote.com:443 failure may have been a bad test.
evernote.com:443 (note the lack of 'www.') passes in all three test
environments so I'm not going to look into this any more.

Since the debdiff above solves the regression and causes OpenSSL to
operate as well as it does in Precise, I feel it is ready for
sponsorship.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1051892

Title:
  [Quantal] Regression in TLS 1.2 workarounds

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Unknown
Status in “openssl” package in Ubuntu:
  Triaged

Bug description:
  openssl 1.0.1c-3ubuntu1 dropped almost all of
  debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
  release contained the changes.

  However, the dropped pieces of tls12_workarounds.patch had a subtle
  difference from upstream. In the Ubuntu patch, ssl23_client_hello()
  checked the *client* TLS version when deciding if the cipher list
  should be truncated or not for TLS 1.2. The upstream code
  (http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS
  version, which I believe is incorrect since the ServerHello hasn't
  even occurred yet in order to negotiate the TLS version.

  The change from TLS1_get_versions() to TLS1_get_client_versions() was
  discussed here:

  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4

  This bug can be reproduced with the following command:

  $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
  /etc/ssl/certs/

  It will fail unless -tls1 is specified like so:

  $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
  /etc/ssl/certs/ -tls1

  Making this change fixes the problem (ssl3_client_hello() will
  probably need the same change):

  --- openssl-1.0.1c.orig/ssl/s23_clnt.c  2012-09-17 01:06:06.584617683 -0700
  +++ openssl-1.0.1c/ssl/s23_clnt.c       2012-09-17 02:09:01.140540223 -0700
  @@ -491,7 +491,7 @@
                           * as hack workaround chop number of supported ciphers
                           * to keep it well below this if we use TLS v1.2
                           */
  -                       if (TLS1_get_version(s) >= TLS1_2_VERSION
  +                       if (TLS1_get_client_version(s) >= TLS1_2_VERSION
                                  && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
                                  i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
   #endif

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1051892/+subscriptions

More information about the Ubuntu-sponsors mailing list