[Bug 1876286] Re: Evolution reports "Error performing TLS handshake: Internal error in memory allocation."

Rod Rivers 1876286 at bugs.launchpad.net
Sat Jun 13 08:45:44 UTC 2020


Sebastien,

I believe that something on the Yahoo/AOL/etc server side was changed to return a zero length session ticket for older TLS protocols.  According to https://gnutls.org/manual/html_node/Session-tickets.html:
"A disadvantage of session tickets is that they eliminate the effects of forward secrecy when a server uses the same key for long time. That is, the secrecy of all sessions on a server using tickets depends on the ticket key being kept secret. For that reason server keys should be rotated and discarded regularly. [snip] Under TLS 1.3 session tickets are mandatory for session resumption, and they do not share the forward secrecy concerns as with TLS 1.2 or earlier."

My guess is that they felt this was insecure and return a zero length
session ticket as a workaround.  If more servers are configured that way
this will become a bigger problem including more programs than just
Evolution and Claws email clients.

RFC5077 states "If the server determines that it does not want to include a ticket after it has included the SessionTicket extension in the ServerHello, then it sends a zero-length ticket in the NewSessionTicket handshake message."  A zero length ticket is a legitimate value and should be supported.  Testing with the current version of OpenSSL on Ubuntu 18.04.4 (1.1.1-1ubuntu2.1~18.04.5) showed that it is able to handle zero length session tickets, and Wireshark confirmed that the server returned a zero length ticket with the following command:

$ openssl s_client -msg -tls1_2 -connect pop.verizon.net:995

This is the first time I have gone through this process.  Please let me know if I missed something or did something wrong.  I'm trying to follow the SRU wiki entry:
https://wiki.ubuntu.com/StableReleaseUpdates

If I'm reading this correctly this bug falls under the last bullet of
section "2.1 High-impact bugs" which states "Updates that need to be
applied to Ubuntu packages to adjust to changes in the environment,
server protocols, web services, and similar, i. e. where the current
version just ceases to work."

I believe the following two conditions have been met:
3.1 Check that the bug is fixed in the current development release, and that its bug task is "Fix Released"
3.2 Ensure that the bug report for this issue is public

I'm working on 3.3 and modified the description with the first cut at an
impact statement.  I'm not sure what to put for the [Regression
Potential] section.  Any help that you can provide will be greatly
appreciated!

Thanks,

Rod
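
The RFC 5077 rule quoted in the message above, as an added example (not part of the original message, and not GnuTLS or OpenSSL code): a NewSessionTicket parser that accepts a zero-length ticket as "no ticket issued" and keeps that outcome separate from an allocation failure. All names and the sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the message layout follows RFC 5077 section 3.3. */
enum { NST_OK = 0, NST_MALFORMED = -1, NST_NOMEM = -2 };
struct nst { uint32_t lifetime_hint; uint16_t ticket_len; uint8_t *ticket; };

/* Constructed handshake messages: type(1) length(3) hint(4) ticket_len(2) ticket */
static const uint8_t SAMPLE_EMPTY[]  = {4, 0,0,6,  0,0,0,0,       0,0};
static const uint8_t SAMPLE_TICKET[] = {4, 0,0,10, 0,0,0x0e,0x10, 0,4, 0xde,0xad,0xbe,0xef};
static const uint8_t SAMPLE_TRUNC[]  = {4, 0,0,8,  0,0,0,0,       0,4, 0xaa,0xbb};

int nst_parse(const uint8_t *msg, size_t msg_len, struct nst *out)
{
    memset(out, 0, sizeof(*out));
    if (msg_len < 4 || msg[0] != 4)          /* 4 = new_session_ticket */
        return NST_MALFORMED;
    size_t body_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body_len != msg_len - 4 || body_len < 6)
        return NST_MALFORMED;
    const uint8_t *p = msg + 4;
    out->lifetime_hint = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                         ((uint32_t)p[2] << 8) | p[3];
    uint16_t tlen = (uint16_t)((p[4] << 8) | p[5]);
    if ((size_t)tlen != body_len - 6)        /* declared length must match body */
        return NST_MALFORMED;
    if (tlen == 0)                           /* legitimate: server declined to issue */
        return NST_OK;                       /* nothing to allocate, nothing to store */
    out->ticket = malloc(tlen);
    if (out->ticket == NULL)                 /* only a real failure is reported as one */
        return NST_NOMEM;
    memcpy(out->ticket, p + 6, tlen);
    out->ticket_len = tlen;
    return NST_OK;
}

void nst_free(struct nst *t) { free(t->ticket); memset(t, 0, sizeof(*t)); }

int main(void)
{
    struct nst t;
    int rc = nst_parse(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY, &t);
    printf("empty ticket: rc=%d resumable=%d\n", rc, t.ticket_len > 0);
    rc = nst_parse(SAMPLE_TICKET, sizeof SAMPLE_TICKET, &t);
    printf("4-byte ticket: rc=%d lifetime=%u\n", rc, (unsigned)t.lifetime_hint);
    nst_free(&t);
    printf("bad length: rc=%d\n", nst_parse(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &t));
    return 0;
}
```

A caller treats `NST_OK` with `ticket_len == 0` as "handshake continues, session is simply not resumable by ticket".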


** Description changed:

+ [Impact]
+ 
+ Evolution and Claws email clients stopped connecting to Yahoo, AOL,
+ Verizon, AT&T, Bell South, etc email servers which are run by the same
+ group.  Users are unable to get to their email.
+ 
+ Nominating for SRU, fulfills: "Updates that need to be applied to Ubuntu
+ packages to adjust to changes in the environment, server protocols, web
+ services, and similar, i. e. where the current version just ceases to
+ work."
+ 
  [testcase]
  
  $ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
  [...]
  - Status: The certificate is trusted.
  *** Fatal error: Internal error in memory allocation.
- 
  
  When Evolution checks my verizon.net account it displays the message
  "Error performing TLS handshake: Internal error in memory allocation"
  and doesn't download any new email messages.  This started happening two
  days ago shortly after updates were applied.  Normally it would download
  the new email messages.  Searching the web I found a Linux Mint forum
  with users having the same issue.  Some users felt it maybe an expired
  certificate while others thought it might be related to the recent
  update.  What can I do to get more information about this issue?
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: evolution 3.28.5-0ubuntu0.18.04.2
  ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.14
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May  1 07:03:51 2020
  InstallationDate: Installed on 2017-12-12 (870 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
  ProcEnviron:
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: evolution
  UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
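
Review bot: the added [Impact] block describes only the symptom in Evolution and Claws and does not name gnutls28, the package whose task carries the fix, or the trigger given in the message above (a zero-length session ticket on TLS 1.2 and earlier), so the description alone does not tell an SRU reviewer what is being changed. Add one sentence stating both, give "[testcase]" the same capitalisation as "[Impact]", and add the "[Regression Potential]" section, which this change still leaves out.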

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1876286

Title:
  Evolution reports "Error performing TLS handshake: Internal error in
  memory allocation."

Status in Gnutls:
  Unknown
Status in claws-mail package in Ubuntu:
  Invalid
Status in evolution package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Fix Released
Status in claws-mail source package in Focal:
  Invalid
Status in evolution source package in Focal:
  Invalid
Status in gnutls28 source package in Focal:
  Triaged
Status in claws-mail source package in Groovy:
  Invalid
Status in evolution source package in Groovy:
  Invalid
Status in gnutls28 source package in Groovy:
  Fix Released
Status in gnutls28 package in CentOS:
  Unknown

Bug description:
  [Impact]

  Evolution and Claws email clients stopped connecting to Yahoo, AOL,
  Verizon, AT&T, Bell South, etc email servers which are run by the same
  group.  Users are unable to get to their email.

  Nominating for SRU, fulfills: "Updates that need to be applied to
  Ubuntu packages to adjust to changes in the environment, server
  protocols, web services, and similar, i. e. where the current version
  just ceases to work."

  [testcase]

  $ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
  [...]
  - Status: The certificate is trusted.
  *** Fatal error: Internal error in memory allocation.

  When Evolution checks my verizon.net account it displays the message
  "Error performing TLS handshake: Internal error in memory allocation"
  and doesn't download any new email messages.  This started happening
  two days ago shortly after updates were applied.  Normally it would
  download the new email messages.  Searching the web I found a Linux
  Mint forum with users having the same issue.  Some users felt it maybe
  an expired certificate while others thought it might be related to the
  recent update.  What can I do to get more information about this
  issue?

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: evolution 3.28.5-0ubuntu0.18.04.2
  ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.14
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May  1 07:03:51 2020
  InstallationDate: Installed on 2017-12-12 (870 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
  ProcEnviron:
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: evolution
  UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
