[Bug 1960268] Re: SSL handshake failed - VPN SSL broken in 22.04

Paul Nickerson 1960268 at bugs.launchpad.net
Mon Feb 27 19:12:59 UTC 2023 

If anyone arrived here looking for a solution for Fedora, here it is:

Edit /etc/crypto-policies/back-ends/opensslcnf.config
Add this line before [openssl_init]:
Options = UnsafeLegacyRenegotiation

If you're wondering why this is needed, take your GlobalProtect portal address and check it at https://www.ssllabs.com/ssltest
"There is no support for secure renegotiation" is what you're working around.

I'm running Palo Alto Networks GlobalProtect 6.0.4-28 (UI version) on
Fedora Linux 37 (Workstation Edition).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1960268

Title:
  SSL handshake failed - VPN SSL broken in 22.04

Status in openssl package in Ubuntu:
  Expired

Bug description:
  I'm trying to connect with global protect VPN but fails at login with:

  SSL handshake failed
  Failed to load URL https://...
  QtNetwork Error 6

  Another VPN client does work but the rdp connection to a remote server fails with:
    
  transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 21.10
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session impish
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to impish on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu76
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2021-03-19 (325 days ago)
  InstallationMedia: Kubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Package: openssl 3.0.1-0ubuntu1
  PackageArchitecture: amd64
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  Tags:  wayland-session jammy
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: Upgraded to jammy on 2022-02-04 (3 days ago)
  UserGroups: adm cdrom dialout dip docker input lpadmin lxd plugdev sambashare sudo uinput
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1960268/+subscriptions

More information about the foundations-bugs mailing list