[Bug 1865204] Re: Multiple packages broke with openssl 1.1.1 upgrade

[Adrien Nader]

** Changed in: openssl (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1865204

Title:
  Multiple packages broke with openssl 1.1.1 upgrade

Status in openssl package in Ubuntu:
  Won't Fix

Bug description:
  While I welcome the adding of security features by upgrading vital packages like openssl,
  there are at least two packages that I know of which ran fine with libssl 1.1.0 and do not with libssl 1.1.1. This bug has been introduced with the migration from openssl 1.1.0 to 1.1.1 in one of the last point releases.

  1. stunnel4 3:5.44-1ubuntu3

  stunnel4 breaks with openssl 1.1.1 (which supports TLS 1.3).

  I get errors when a Windows stunnel client connects to the stunnel4
  daemon:

  Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128
  : Connection refused (111)

  This can be fixed when I manually add "MaxProtocol = TLSv1.2" to
  /etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl
  1.1.1 is the culprit.

  stunnel4 needs an update. At least for stunnel4, another fix would be
  to specify "sslVersion = TLSv1.2" in its config file.

  2. pure-ftpd 1.0.46-1build1

  Same thing here. You cannot connect once you use "tls=2" or higher if
  openssl 1.1.1 with TLS 1.3 is active. Only fix here I found is to
  limit the max protocol in openssl for all applications. pure-ftpd
  itself has no means of controlling the TLS version, at least not in
  the bionic version of it.

  I use Ubuntu Server 18.04.04 LTS, BTW and openssl was
  1.1.1-1ubuntu2.1~18.04.5.

  
  Both problems could be fixed by backporting stunnel4 and pure-ftpd packages from Focal Fossa.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1865204/+subscriptions