[Bug 2097688] [NEW] [BPO] Backport Noble version to Jammy
Launchpad Bug Tracker
2097688 at bugs.launchpad.net
Sun Feb 9 04:20:47 UTC 2025
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
[Impact]
Currently openvpn in Jammy is broken when FIPS is enabled. The TL;DR reason is that openvpn 2.5 does not support openssl 3 very well. There were a number of fixes in openvpn 2.6 to fix this.
Explaining a bit more the basic issue is that openssl 3 does not allow the use of the MD5 algorithm for random number generation in FIPS mode and openvpn 2.5 is still using it (LP bug #2091575). There are also other issues, for example that openvpn sees no available ciphers when FIPS is enabled which can be easily tested as running
openvpn --show-ciphers
returns nothing (LP bug #2077769).
I have a patch for openvpn 2.5 to fix this which I tried to SRU in bug #2077769 but failed to get sponsored as it is a significant change. The sponsor suggested backporting instead as the issue does not affect non-FIPS systems and so they can keep using the current package.
[Scope]
>From Noble (2.6.12-0ubuntu0.24.04.1) to Jammy (currently
2.5.11-0ubuntu0.22.04.1)
[Other Info]
My original SRU patch also fixed bug #2086809. This is not a code patch as only affects package testing. This should be SRUd by itself.
** Affects: openvpn (Ubuntu)
Importance: Undecided
Status: New
** Tags: patch
--
[BPO] Backport Noble version to Jammy
https://bugs.launchpad.net/bugs/2097688
You received this bug notification because you are a member of Ubuntu Sponsors, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list