[Bug 1960268] Re: SSL handshake failed - VPN SSL broken in 22.04

Wed Apr 13 15:14:24 UTC 2022

we have quite the same problem in 22.04

we use openvpn client with PKI

Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11_terminate - entered
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_terminate entry
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Terminating openssl
Apr 13 16:51:56 openvpn[12898]: PKCS#11: _pkcs11h_openssl_terminate
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Removing providers
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_removeProvider entry reference='/usr/lib/libeToken.so'
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Removing provider '/usr/lib/libeToken.so'
Apr 13 16:51:56 vpn-manager[12866]: recv: >STATE:1649861516,EXITING,init_instance,,,,,
Apr 13 16:51:56 openvpn[12898]: PKCS#11: _pkcs11h_slotevent_notify entry
Apr 13 16:51:56 openvpn[12898]: PKCS#11: _pkcs11h_slotevent_notify return
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_removeProvider return rv=0-'CKR_OK'
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Releasing sessions
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=0x55c6e7e9a0b0
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_token_freeTokenId return
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_certificate_freeCertificateIdList entry cert_id_list=(nil)
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11h_certificate_freeCertificateIdList return
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Terminating slotevent
Apr 13 16:51:56 openvpn[12898]: PKCS#11: _pkcs11h_slotevent_terminate entry
Apr 13 16:51:56 openvpn[12898]: PKCS#11: _pkcs11h_slotevent_terminate return
Apr 13 16:51:56 openvpn[12898]: PKCS#11: Marking as uninitialized
Apr 13 16:51:56 openvpn[12898]: PKCS#11: pkcs11_terminate - return

but TLS seems to be expected SSLv3

Apr 13 16:51:54 openvpn[12898]: Incoming Ciphertext -> TLS
Apr 13 16:51:54 openvpn[12898]: SSL state (connect): SSLv3/TLS read server certificate
Apr 13 16:51:54 openvpn[12898]: SSL alert (write): fatal: internal error
Apr 13 16:51:54 openvpn[12898]: OpenSSL: error:0A0C0103:SSL routines::internal error
Apr 13 16:51:54 openvpn[12898]: TLS_ERROR: BIO read tls_read_plaintext error
Apr 13 16:51:54 openvpn[12898]: TLS Error: TLS object -> incoming plaintext read error
Apr 13 16:51:54 openvpn[12898]: TLS Error: TLS handshake failed

dpkg -l | grep openvpn
ii  network-manager-openvpn                    1.8.18-1                                         amd64        network management framework (OpenVPN plugin core)
ii  network-manager-openvpn-gnome              1.8.18-1                                         amd64        network management framework (OpenVPN plugin GNOME GUI)
ii  openvpn                                    2.5.5-1ubuntu3                                   amd64        virtual private network daemon

dpkg -l | grep openssl
ii  libengine-pkcs11-openssl:amd64             0.4.11-1build3                                   amd64        OpenSSL engine for PKCS#11 modules
ii  libxmlsec1-openssl:amd64                   1.2.33-1build2                                   amd64        Openssl engine for the XML security library
ii  openssl                                    3.0.2-0ubuntu1                                   amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  perl-openssl-defaults:amd64                5build2                                          amd64        version compatibility baseline for Perl OpenSSL packages

dpkg -l | grep opensc
ii  opensc                                     0.22.0-1ubuntu2                                  amd64        Smart card utilities with support for PKCS#15 compatible cards
ii  opensc-pkcs11:amd64                        0.22.0-1ubuntu2                                  amd64        Smart card utilities with support for PKCS#15 compatible cards

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268

Title:
  SSL handshake failed - VPN SSL broken in 22.04

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  I'm trying to connect with global protect VPN but fails at login with:

  SSL handshake failed
  Failed to load URL https://...
  QtNetwork Error 6

  Another VPN client does work but the rdp connection to a remote server fails with:

  transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 21.10
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session impish
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to impish on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session jammy
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to jammy on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/+subscriptions