The one package particularly hit by this is PHP. The openssl_get_cipher_methods() function does list the hmac variants with 1.1.1c, but it doesn’t with 1.1.1d, so there’s definitely a regression somewhere.
O. -- Ondřej Surý <ond...@sury.org> > On 8 Oct 2019, at 22:12, Sebastian Andrzej Siewior <sebast...@breakpoint.cc> > wrote: > > On 2019-10-08 17:35:22 [+0200], Greg wrote: >> Package: libssl1.1 >> Version: 1.1.1c-1+0~20190710.13+debian10~1.gbp359e02 >> Severity: normal >> >> Dear Maintainer, >> >> * What led up to the situation? >> Upgraded package libssl1.1 from 1.1.1c to 1.1.1d >> >> * What exactly did you do (or not do) that was effective (or >> ineffective)? >> Downgraded to 1.1.1c >> >> * What was the outcome of this action? >> 4 more ciphers were back > > I am completely lost here. Why is there such a strange version string? > More importantly *how* do you determine whether or not AES-*-CBC-HMAC-* > is available? > > Sebastian >