[Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
Nathan Stratton Treadway
1972939 at bugs.launchpad.net
Tue Sep 20 00:13:06 UTC 2022
On Wed, May 18, 2022 at 15:36:30 -0000, Nathan Stratton Treadway wrote:
> On Wed, May 18, 2022 at 13:37:46 -0000, Simon Chopin wrote:
> > Could you give more details about what happens when using the legacy
> > providers?
>
> The short version is that by enabling the legacy provider and setting
> SECLEVEL to 1, I'm able to get past the "digital envelope
(With the fixed version of OpenSSL's legacy.so, the SECLEVEL=1
configuration change is no longer needed -- tincd's openssl.cnf only
needs to activate the "legacy" provider.)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1972939
Title:
Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
Status in Release Notes for Ubuntu:
New
Status in openssl package in Ubuntu:
New
Status in tinc package in Ubuntu:
New
Bug description:
The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot
connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1).
(Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1,
can connect to these nodes without problems.)
The symptom is a log message (on the system running Jammy) during the
metadata channel negotiation (with debug level set to 5):
Error during initialisation of cipher from tinc_xenial [...]
error:0308010C:digital envelope routines::unsupported
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions
More information about the foundations-bugs
mailing list