*** This bug is a duplicate of bug 1990216 ***
https://bugs.launchpad.net/bugs/1990216
Just to have links in both directions between various bug trackers:
"connecting tinc 1.0.36/libssl3 to older nodes #414"
https://github.com/gsliepen/tinc/issues/414
** Bug watch added:
*** This bug is a duplicate of bug 1990216 ***
https://bugs.launchpad.net/bugs/1990216
** This bug has been marked a duplicate of bug 1990216
backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1
with blowfish in OFB or CFB modes" to Jammy
--
You received this bug
** Changed in: tinc (Ubuntu)
Status: New => Confirmed
** Changed in: tinc (Ubuntu)
Status: Confirmed => Invalid
** Changed in: openssl (Ubuntu)
Status: New => Confirmed
** Also affects: openssl (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects:
(I've opened LP:#1990216 to request that the fix for upstream "OpenSSL 3
cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or
CFB modes #18359" be backported to libssl3 in Jammy.)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
On Wed, May 18, 2022 at 15:36:30 -, Nathan Stratton Treadway wrote:
> On Wed, May 18, 2022 at 13:37:46 -, Simon Chopin wrote:
> > Could you give more details about what happens when using the legacy
> > providers?
>
> The short version is that by enabling the legacy provider and setting
>
On Fri, Aug 05, 2022 at 00:35:32 -, Don wrote:
> It appears the issue is resolved in libssl3 3.0.4-1ubuntu1 from kinetic
> (in addition to enabling the legacy providers)
I installed a Kinetic test environment, and confirmed that I was able to
connect to my Xenial tinc (1.0.26-1) instance
On Fri, Aug 05, 2022 at 00:35:32 -, Don wrote:
> It appears the issue is resolved in libssl3 3.0.4-1ubuntu1 from kinetic
> (in addition to enabling the legacy providers)
Thanks for that hint.
Can you provide any additional details on your Tinc environment and what
exactly allowed the
It appears the issue is resolved in libssl3 3.0.4-1ubuntu1 from kinetic
(in addition to enabling the legacy providers)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1972939
On Wed, May 18, 2022 at 13:41:06 -, Simon Chopin wrote:
> Also, does tinc work in a purely Jammy context? :-)
Sorry, I just realized that I had not mentioned here on this bug the
results of my tests between various Ubuntu versions. I didn't test
Jammy-to-Jammy, but (briefly):
* Jammy
On Wed, May 18, 2022 at 13:37:46 -, Simon Chopin wrote:
> Could you give more details about what happens when using the legacy
> providers?
The short version is that by enabling the legacy provider and setting
SECLEVEL to 1, I'm able to get past the "digital envelope
routines::unsupported"
On Wed, May 18, 2022 at 13:41:06 -, Simon Chopin wrote:
> Also, does tinc work in a purely Jammy context? :-)
As far as I can determine the issue relates to compatibility between
libssl3 and the algorithms used by the Xenial-era tinc, and thus I can't
imagine Jammy-to-Jammy would be a
Could you give more details about what happens when using the legacy
providers?
** Changed in: tinc (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
Also, does tinc work in a purely Jammy context? :-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1972939
Title:
Jammy tinc incompatibile with older (e.g. Xenial) tinc
On Wed, May 18, 2022 at 07:42:04 -, Simon Chopin wrote:
> I'm guessing there are some SSL certificates involved? If so, this issue
Tinc uses openssl's implementations of specific alogorithms, but does not
use either TLS or SSL certificates. (So I don't think the Tinc situation
is covered by
I'm guessing there are some SSL certificates involved? If so, this issue
is mentioned in the release notes: certificates that use e.g. SHA1 as
the digest algorithm should be re-issued by your provider with a
stronger hash algorithm.
Would you be able to check that it is the correct diagnostic?
If
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1972939
Title:
Jammy tinc incompatibile with
16 matches
Mail list logo
