[Bug 1051892] Re: [Quantal] Regression in TLS 1.2 workarounds

Tyler Hicks tyhicks at canonical.com
Sat Oct 6 04:57:46 UTC 2012 

To put a different way... I'm just attempting to fix the regression from
Precise to Quantal. That simple change is what fixes it and gets OpenSSL
working the same as it is in Precise. If I had more time before release,
then I'd probably propose quite a few other changes to the TLS 1.2
workarounds but I'm just focusing on this regression right now.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1051892

Title:
  [Quantal] Regression in TLS 1.2 workarounds

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Unknown
Status in “openssl” package in Ubuntu:
  Fix Committed
Status in “openssl” source package in Quantal:
  Fix Committed

Bug description:
  openssl 1.0.1c-3ubuntu1 dropped almost all of
  debian/patches/tls12_workarounds.patch because the upstream 1.0.1c
  release contained the changes.

  However, the dropped pieces of tls12_workarounds.patch had a subtle
  difference from upstream. In the Ubuntu patch, ssl23_client_hello()
  checked the *client* TLS version when deciding if the cipher list
  should be truncated or not for TLS 1.2. The upstream code
  (http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS
  version, which I believe is incorrect since the ServerHello hasn't
  even occurred yet in order to negotiate the TLS version.

  The change from TLS1_get_versions() to TLS1_get_client_versions() was
  discussed here:

  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4

  This bug can be reproduced with the following command:

  $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
  /etc/ssl/certs/

  It will fail unless -tls1 is specified like so:

  $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath
  /etc/ssl/certs/ -tls1

  Making this change fixes the problem (ssl3_client_hello() will
  probably need the same change):

  --- openssl-1.0.1c.orig/ssl/s23_clnt.c  2012-09-17 01:06:06.584617683 -0700
  +++ openssl-1.0.1c/ssl/s23_clnt.c       2012-09-17 02:09:01.140540223 -0700
  @@ -491,7 +491,7 @@
                           * as hack workaround chop number of supported ciphers
                           * to keep it well below this if we use TLS v1.2
                           */
  -                       if (TLS1_get_version(s) >= TLS1_2_VERSION
  +                       if (TLS1_get_client_version(s) >= TLS1_2_VERSION
                                  && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
                                  i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
   #endif

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1051892/+subscriptions

More information about the foundations-bugs mailing list