[Bug 1960268] Re: SSL handshake failed - VPN SSL broken in 22.04

Kelly Schoenhofen 1960268 at bugs.launchpad.net
Mon Apr 25 17:31:32 UTC 2022 

I upgraded 21.10 to 22.04 and openssl 3 "broke" globalprotect 6.0.0.44. 
I was able to follow suoko's solution as-is until step #5, it would never return a value, I couldn't successfully finish authenticating. I installed gpclient and had the same issue (authentication error), ultimately I went the route of degrading openssl 3 system wide, enabling UnsafeLegacyRenegotiation via system's openssl.cnf, e.g.: 

sudo pico /usr/lib/ssl/openssl.cnf

[openssl_init]
+ssl_conf = ssl_sect

# add the following right beneath it:
[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

And a reboot later globalprotect is working again. I assume the real fix
is for paloalto to address this in new release of globalprotect.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268

Title:
  SSL handshake failed - VPN SSL broken in 22.04

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  I'm trying to connect with global protect VPN but fails at login with:

  SSL handshake failed
  Failed to load URL https://...
  QtNetwork Error 6

  Another VPN client does work but the rdp connection to a remote server fails with:
    
  transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 21.10
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session impish
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to impish on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session jammy
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to jammy on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/+subscriptions

More information about the foundations-bugs mailing list