[Bug 1832933] Re: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd
Dimitri John Ledkov
launchpad at surgut.co.uk
Sun Jun 16 00:49:59 UTC 2019
** Description changed:
Hello!
After upgrade to
libssl1.1 1.1.1-1ubuntu2.1~18.04.2
openssl 1.1.1-1ubuntu2.1~18.04.2
on Ubuntu 18.04 server clients can't connect to ejabberd server:
2019-06-15 15:56:26.431 [warning]
<0.858.0>@ejabberd_c2s:process_terminated:290 (tls|<0.858.0>) Failed to
secure c2s connection: TLS failed: client renegotiations forbidden
-
ejabberd version is 18.01-2
which is from Ubuntu 18.04.
- As far as I know ejabberd can work with openssl 1.1.1 only from 18.09
+ As far as I know ejabberd can work with openssl 1.1.1 only from 18.09
https://blog.process-one.net/ejabberd-18-09/
OpenSSL 1.1.1 support
Either ejabberd in 18.04 should be updated or openssl should not be
upgraded to 1.1.1 on 18.04 .
Thank you!
+
+
+ == erlang-p1-tls ==
+
+ Looking at all upstream patches since 1.0.20 (current bionic) these are
+ the useful ones:
+
+ 0002-Specify-accepted-Client-CAs-during-handshake.patch
+ - quite small fixes Client CA negotiation
+
+ 0013-Update-cert-used-by-test-to-use-sha256-signature.patch
+ - updates test cert to a stronger one
+
+ 0014-Add-no_tlsv1_3-option-parsing-from-openssl1.1.patch
+ - tiny, andd "no_tlsv1_3" option
+
+ 0016-Improve-tests-to-make-them-work-with-openssl1.1.patch
+ - testsuite fixes
+
+ 0022-Use-SSL_OP_NO_RENEGOTIATION-when-available.patch
+ - needed to fix this bug, do not attempt renegotiation as that is no longer supported. Just ifdefs.
+
+
+ There are also patches that add new apis, to rebuild cert caches, and query negotiated protocols, but meh.
** Also affects: openssl (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: ejabberd (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: erlang-p1-tls (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: erlang-p1-tls (Ubuntu)
Status: Confirmed => Fix Released
** No longer affects: openssl (Ubuntu Bionic)
** No longer affects: openssl (Ubuntu)
** No longer affects: ejabberd (Ubuntu Bionic)
** No longer affects: ejabberd (Ubuntu)
** Changed in: erlang-p1-tls (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832933
Title:
upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd
Status in erlang-p1-tls package in Ubuntu:
Fix Released
Status in erlang-p1-tls source package in Bionic:
Confirmed
Bug description:
Hello!
After upgrade to
libssl1.1 1.1.1-1ubuntu2.1~18.04.2
openssl 1.1.1-1ubuntu2.1~18.04.2
on Ubuntu 18.04 server clients can't connect to ejabberd server:
2019-06-15 15:56:26.431 [warning]
<0.858.0>@ejabberd_c2s:process_terminated:290 (tls|<0.858.0>) Failed
to secure c2s connection: TLS failed: client renegotiations forbidden
ejabberd version is 18.01-2
which is from Ubuntu 18.04.
As far as I know ejabberd can work with openssl 1.1.1 only from 18.09
https://blog.process-one.net/ejabberd-18-09/
OpenSSL 1.1.1 support
Either ejabberd in 18.04 should be updated or openssl should not be
upgraded to 1.1.1 on 18.04.
Thank you!
== erlang-p1-tls ==
Looking at all upstream patches since 1.0.20 (current bionic) these
are the useful ones:
0002-Specify-accepted-Client-CAs-during-handshake.patch
- quite small, fixes Client CA negotiation
0013-Update-cert-used-by-test-to-use-sha256-signature.patch
- updates test cert to a stronger one
0014-Add-no_tlsv1_3-option-parsing-from-openssl1.1.patch
- tiny, add "no_tlsv1_3" option
0016-Improve-tests-to-make-them-work-with-openssl1.1.patch
- testsuite fixes
0022-Use-SSL_OP_NO_RENEGOTIATION-when-available.patch
- needed to fix this bug, do not attempt renegotiation as that is no longer supported. Just ifdefs.
There are also patches that add new APIs, to rebuild cert caches, and query negotiated protocols, but meh.