[Bug 1976339] Re: Openssl update to 1.0.2g-1ubuntu4.20+esm3 Breaks Php Openssl_get_cipher_methods Function

[Dimitar Dimitrov]

An additional comment.
I opened a case in the support portal, but they recommended opening a bug here:
https://portal.support.canonical.com/selfservice/s/case/5004K00000EA3Ox/openssl-andor-libssl100-breaks-php-opensslgetciphermethods-function
I'm not sure if the main packages repository is the proper place for bugs in ESM versions of the packages.
But this is a serious issue and I hope it can be resolved.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1976339

Title:
  Openssl update to 1.0.2g-1ubuntu4.20+esm3 Breaks Php
  Openssl_get_cipher_methods Function

Status in openssl package in Ubuntu:
  New

Bug description:
  The system is Ubuntu 16.04 with ESM support.
  After the update (28.5.2022) of openssl and libssl1.0.0 packages from 1.0.2g-1ubuntu4.20+esm2 to 1.0.2g-1ubuntu4.20+esm3 the php function openssl_get_cipher_methods (php7 from the distribution) is broken.
  It randomly returns empty array when called.
  Testing from php-cli it always returns proper data.
  Testing with web server most of the times it returns an empty array.
  Tested with apache + mod-php and apache + php-fpm.
  Downgrading to versions to 1.0.2g-1ubuntu4.20 fixes the problem.
  This downgrade makes the systems work, but introduces security risks.

  An example code to reproduce the issue:
  --------------------------------
  <?php
  $ciphers = openssl_get_cipher_methods();
  $ciphers_and_aliases = openssl_get_cipher_methods(true);
  $cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);

  echo implode($ciphers);

  print_r($ciphers);
  print_r($cipher_aliases);
  ?>
  ----------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1976339/+subscriptions