[Bug 1840902] [NEW] ejabberd fails incoming connections with "Failed to secure c2s connection: TLS failed: client renegotiations forbidden"

Robie Basak 1840902 at bugs.launchpad.net
Wed Aug 21 10:19:32 UTC 2019 

Public bug reported:

ejabberd 18.01-2 on Bionic.
Bad: openssl/libssl1.1 1.1.1-1ubuntu2.1~18.04.4
Good: openssl/libssl1.1 1.1.0g-2ubuntu4.3

This hit the Bionic security pocket yesterday, so everyone who uses
unattended-upgrades for security only (which is the default) will have
received this overnight.

Workaround: downgrade openssl/libssl1.1 to 1.1.0g-2ubuntu4.3 using old
builds that are available from
https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3 (follow
the architecture link eg. "amd64")

The error logged by ejabberd is:

2019-08-21 06:52:28.402 [warning]
<0.539.0>@ejabberd_c2s:process_terminated:290 (tls|<0.539.0>) Failed to
secure c2s connection: TLS failed: client renegotiations forbidden

** Affects: ejabberd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: ejabberd (Ubuntu Bionic)
     Importance: Critical
         Status: New

** Affects: openssl (Ubuntu Bionic)
     Importance: Critical
         Status: New


** Tags: regression-update

** Also affects: ejabberd (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: ejabberd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: ejabberd (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: openssl (Ubuntu Bionic)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1840902

Title:
  ejabberd fails incoming connections with "Failed to secure c2s
  connection: TLS failed: client renegotiations forbidden"

Status in ejabberd package in Ubuntu:
  New
Status in openssl package in Ubuntu:
  New
Status in ejabberd source package in Bionic:
  New
Status in openssl source package in Bionic:
  New

Bug description:
  ejabberd 18.01-2 on Bionic.
  Bad: openssl/libssl1.1 1.1.1-1ubuntu2.1~18.04.4
  Good: openssl/libssl1.1 1.1.0g-2ubuntu4.3

  This hit the Bionic security pocket yesterday, so everyone who uses
  unattended-upgrades for security only (which is the default) will have
  received this overnight.

  Workaround: downgrade openssl/libssl1.1 to 1.1.0g-2ubuntu4.3 using old
  builds that are available from
  https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3 (follow
  the architecture link eg. "amd64")

  The error logged by ejabberd is:

  2019-08-21 06:52:28.402 [warning]
  <0.539.0>@ejabberd_c2s:process_terminated:290 (tls|<0.539.0>) Failed
  to secure c2s connection: TLS failed: client renegotiations forbidden

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/1840902/+subscriptions

More information about the foundations-bugs mailing list