[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2
Right, that was with curl and wget from Ubuntu archive. I got some documentation finally, to set up the corporate client and the ssl connection works basically. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2055304 Title: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2 Status in openssl package in Ubuntu: New Bug description: I get "Closing connection 0 curl: (35) error:0A000126:SSL routines::unexpected eof while reading" accessing some web servers. AFAIS "SSL_OP_IGNORE_UNEXPECTED_EOF" can help here. With 3.2[0] it can be configured in openssl.cnf, whereas 3.0[1] cannot. Would you mind to backport the mini patch[2] to be configured with 3.0, too? Example: $ tail -n 3 /etc/ssl/openssl.cnf [system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = IgnoreUnexpectedEOF [0] https://www.openssl.org/docs/man3.2/man3/SSL_CONF_cmd.html [1] https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html [2] https://github.com/openssl/openssl/commit/51cf034433d528876f3c235c5150c5acfe88f24d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2055304/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2
Actually, it seems that most programs ignore the openssl.cnf anyway for security(?) reasons. Played a bit with MinTlsVersion and it did not change the request which is being sent. Luckily I could ask the DevOps for the nginx versions used and they have versions with the openssl 3 fix; that comes with nginx 1.21.2. Maybe there is a firewall setting causing this. Would not be the first time, hah... I will see. But anwyay, as the openssl.cnf is ignored anyway this report is quite invalid - does not help. :-D -- That error message has sent me on a journey, o dear. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2055304 Title: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2 Status in openssl package in Ubuntu: New Bug description: I get "Closing connection 0 curl: (35) error:0A000126:SSL routines::unexpected eof while reading" accessing some web servers. AFAIS "SSL_OP_IGNORE_UNEXPECTED_EOF" can help here. With 3.2[0] it can be configured in openssl.cnf, whereas 3.0[1] cannot. Would you mind to backport the mini patch[2] to be configured with 3.0, too? Example: $ tail -n 3 /etc/ssl/openssl.cnf [system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = IgnoreUnexpectedEOF [0] https://www.openssl.org/docs/man3.2/man3/SSL_CONF_cmd.html [1] https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html [2] https://github.com/openssl/openssl/commit/51cf034433d528876f3c235c5150c5acfe88f24d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2055304/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2
Hi Adrien, this is some corporate setup with Zscaler proxy and nginx servers or reverse-proxies inbetween. I cannot say for sure how exactly the servers are setup. The patch just adds the possiblity to set the IgnoreUnexpectedEOF option to the config file by user. The config file itself I would not recommend to change system-wide in the distro package, indeed. I am not in control to update the nginx servers to 1.22 which fixes that known issue on the servers side. And, although I have patched openssl package locally with the attached patch and added the option to /etc/ssl/openssl.cnf, I still see the very same error. I wonder what else could be wrong ... Do I have to put the Options entry in another section of the config file? If I find something I will post again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2055304 Title: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2 Status in openssl package in Ubuntu: New Bug description: I get "Closing connection 0 curl: (35) error:0A000126:SSL routines::unexpected eof while reading" accessing some web servers. AFAIS "SSL_OP_IGNORE_UNEXPECTED_EOF" can help here. With 3.2[0] it can be configured in openssl.cnf, whereas 3.0[1] cannot. Would you mind to backport the mini patch[2] to be configured with 3.0, too? Example: $ tail -n 3 /etc/ssl/openssl.cnf [system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = IgnoreUnexpectedEOF [0] https://www.openssl.org/docs/man3.2/man3/SSL_CONF_cmd.html [1] https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html [2] https://github.com/openssl/openssl/commit/51cf034433d528876f3c235c5150c5acfe88f24d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2055304/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055304] [NEW] openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2
Public bug reported: I get "Closing connection 0 curl: (35) error:0A000126:SSL routines::unexpected eof while reading" accessing some web servers. AFAIS "SSL_OP_IGNORE_UNEXPECTED_EOF" can help here. With 3.2[0] it can be configured in openssl.cnf, whereas 3.0[1] cannot. Would you mind to backport the mini patch[2] to be configured with 3.0, too? Example: $ tail -n 3 /etc/ssl/openssl.cnf [system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = IgnoreUnexpectedEOF [0] https://www.openssl.org/docs/man3.2/man3/SSL_CONF_cmd.html [1] https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html [2] https://github.com/openssl/openssl/commit/51cf034433d528876f3c235c5150c5acfe88f24d ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Patch added: "Add IgnoreUnexpectedEOF as configuration option" https://bugs.launchpad.net/bugs/2055304/+attachment/5750251/+files/openssl-IgnoreUnexpectedEOF.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2055304 Title: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2 Status in openssl package in Ubuntu: New Bug description: I get "Closing connection 0 curl: (35) error:0A000126:SSL routines::unexpected eof while reading" accessing some web servers. AFAIS "SSL_OP_IGNORE_UNEXPECTED_EOF" can help here. With 3.2[0] it can be configured in openssl.cnf, whereas 3.0[1] cannot. Would you mind to backport the mini patch[2] to be configured with 3.0, too? Example: $ tail -n 3 /etc/ssl/openssl.cnf [system_default_sect] CipherString = DEFAULT:@SECLEVEL=2 Options = IgnoreUnexpectedEOF [0] https://www.openssl.org/docs/man3.2/man3/SSL_CONF_cmd.html [1] https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html [2] https://github.com/openssl/openssl/commit/51cf034433d528876f3c235c5150c5acfe88f24d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2055304/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
