[Bug 1134873] Re: regression in 1.0.1-4ubuntu5.6 causes connection errors

[Marc Deslauriers]

We already had the changes from 1.0.1e in our security backport, and
debian is currently having similar issues with 1.0.1e. See the upstream
bug report linked at the top of this bug.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1134873

Title:
  regression in 1.0.1-4ubuntu5.6 causes connection errors

Status in OpenSSL cryptography and SSL/TLS toolkit:
  New
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Fix Released
Status in “openssl” source package in Quantal:
  Fix Released
Status in “openssl” source package in Raring:
  Fix Released

Bug description:
  
  In our workplace we have a subversion repository that is accessed via an apache proxy.  The proxy runs mod_proxy and uses SSL between the SVN client and the proxy (does not use SSL between the proxy and the actual SVN server) on ubuntu 12.04 LTS 64-bit.

  Yesterday some of our developers started getting strange error messages when using SVN, here is an example:
      svn: PROPFIND of '/svn/mike/test-django-tools/trunk/dev-packages': Could not read status line: SSL alert received: Bad record MAC 

  This error did not occur on every request, but if a particular request
  failed then it was generally reproducible.

  Since nothing in our environment had changed, I checked our
  unnattended-upgrades logfiles and saw that openssl and libssl had been
  updated to 1.0.1-4ubuntu5.6 on Feb 22.

  After building previous version (1.0.1-4ubuntu5.5) and installing, the
  problem went away.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1134873/+subscriptions