[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

2022-04-26 Thread Matthew Geier
It's a bit of an 'own goal' if this gets marked as 'won't fix'. As students 
upgrade to 22.04 where I work they will find they can't connect to the 
institution's or research centre wireless network. They won't care that the SSL 
change is protecting them from an old SSL bug, they will just come back 'it 
works in Windows but not Ubuntu'. 
Central IT services who run the wireless will just shrug and say 'Linux not 
supported'.
Need to make it easier to find how to turn on the Legacy insecure mode.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1963834

Title:
  openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

Status in openssl package in Ubuntu:
  Won't Fix

Bug description:
  Description:Ubuntu Jammy Jellyfish (development branch)
  Release:22.04

  openssl:
Installé : 3.0.1-0ubuntu1
Candidat : 3.0.1-0ubuntu1
   Table de version :
   *** 3.0.1-0ubuntu1 500
  500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  100 /var/lib/dpkg/status

  Using Ubuntu 22.04, I now get the following error message when
  attempting to connect to our office VPN using "gp-saml-gui
  (https://github.com/dlenski/gp-saml-gui)" :

  #
  dominique@Doombuntu:~$ .local/bin/gp-saml-gui  server_url
  Looking for SAML auth tags in response to 
https://server_url/global-protect/prelogin.esp...
  usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] 
[--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f 
EXTRA] server [openconnect_extra ...]
  gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] 
unsafe legacy renegotiation disabled (_ssl.c:997)
  #
  #
  #

  gp-saml-gui uses python module requests.
  Using the Python IDE, I can get the same results:

  #
  >>> r = requests.get('https://server_url')
  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, 
in urlopen
  httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, 
in _make_request
  self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
  conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in 
connect
  self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in 
ssl_wrap_socket
  ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in 
_ssl_wrap_socket_impl
  return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
  return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1070, in _create
  self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
  self._sslobj.do_handshake()
  ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy 
renegotiation disabled (_ssl.c:997)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in 
send
  resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, 
in urlopen
  retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
  raise MaxRetryError(_pool, url, error or ResponseError(cause))
  urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "", line 1, in 
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
  return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
  return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in 
request
  resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in 
send
  r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in 
send
  raise SSLError(e, request=request)
  requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy 
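
For the `requests` failure reported in bug 1963834 above, one way to confine the legacy option to a single unpatched server rather than relaxing OpenSSL system-wide. This is an added example, not code from the bug report or from gp-saml-gui; it uses only the standard library, and `vpn.example.org`, `context_for`, `allows_legacy` and `fetch` are hypothetical names.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

# ssl.OP_LEGACY_SERVER_CONNECT is exposed from Python 3.12; 0x4 is the value
# of OpenSSL's SSL_OP_LEGACY_SERVER_CONNECT for older interpreters.
LEGACY_CONNECT = int(getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4))

# Hypothetical allowlist: the only servers allowed to skip RFC 5746
# secure renegotiation. Everything else keeps the OpenSSL 3.0 behaviour.
LEGACY_HOSTS = frozenset({"vpn.example.org"})


def context_for(host, legacy_hosts=LEGACY_HOSTS):
    """Return a verifying TLS context, relaxed only for allowlisted hosts."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    opts = int(ctx.options)
    if host.lower() in legacy_hosts:
        ctx.options = opts | LEGACY_CONNECT
    else:
        # Clear the bit explicitly: older OpenSSL builds set it by default.
        ctx.options = opts & ~LEGACY_CONNECT
    return ctx


def allows_legacy(ctx):
    """True if this context will talk to servers lacking secure renegotiation."""
    return bool(int(ctx.options) & LEGACY_CONNECT)


def fetch(url, timeout=10):
    """GET a URL with a context chosen per host; returns the HTTP status."""
    host = urlsplit(url).hostname or ""
    handler = urllib.request.HTTPSHandler(context=context_for(host))
    opener = urllib.request.build_opener(handler)
    with opener.open(url, timeout=timeout) as resp:
        return resp.status
```

Auditing a client then reduces to reviewing `LEGACY_HOSTS`, and each entry can be dropped once the server behind it supports secure renegotiation.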

[Touch-packages] [Bug 1835809] Re: AMD Ryzen 3000 series fails to boot

2019-07-09 Thread Matthew Geier
>> FWIW, I think not booting a 19.04 ISO is probably fine,

Unless like me, you have just upgraded your hardware to a Ryzen 3600x
and find you have to downgrade from the version you are using on your
old machine to use the new machine you just purchased.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1835809

Title:
  AMD Ryzen 3000 series fails to boot

Status in systemd package in Ubuntu:
  In Progress
Status in systemd source package in Disco:
  Fix Committed

Bug description:
  [Impact]

   * Systems with AMD Ryzen 3000 series CPUs don't boot.

  [Test Case]

   * Boot with fixed systemd on an AMD Ryzen 3000 series system.

  [Regression Potential]

   * The fix itself is very small, it ignores known to be faulty random
  values returned by the rdrand instruction and uses a different random
  source. Those values can still be returned by a properly working
  rdrand implementation in 2 in 2^32 cases on 32 bit arches and in 2 in
  2^64 cases on 64 bit arches, but the fallback to the other random
  source ensures that in those rare occasions a random number can be
  generated.

  [Original Bug Text]

  On the new AMD Ryzen 3000 series CPUs, there is an issue with systemd
  preventing the boot process from completing. This issue does not
  affect the older systemd version in 18.04, but affects the 19.04
  version.

  Here is a screenshot showing what happens:
  
https://www.phoronix.net/image.php?id=ryzen-3700x-3900x-linux=amd_zen2_14_show

  I am currently testing a patch to systemd, derived from this pull request:
  https://github.com/systemd/systemd/pull/12536

  This is a high severity issue, as I do not believe there is no
  potential workaround without either a firmware update or an ISO
  respin.

  I have attached a rebase of the potential patch on the current 19.04
  version of systemd for reference. I will provide more details after
  testing.



[Touch-packages] [Bug 1501588] Re: Wily's wpasupplicant frequently fails on WPA enterprise networks

2015-10-27 Thread Matthew Geier
In my case it's not frequently fails - it always fails. On 3 separate WPA
Enterprise SSIDs.

I understand that the WPA Supplicant people say this is a Radius server
bug and not a supplicant bug. That may be true, but there is little
chance of the offending radius servers on the WPA Enterprise networks I
need to use being upgraded until this same bug bites Windows and MacOS.
Until then as far as they are concerned it's a Linux bug and not their
problem.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wpa in Ubuntu.
https://bugs.launchpad.net/bugs/1501588

Title:
  Wily's wpasupplicant frequently fails on WPA enterprise networks

Status in hostap:
  Unknown
Status in wpa package in Ubuntu:
  Confirmed

Bug description:
  Ever since I upgraded from vivid to wily on my laptop, I'm running
  into problems when connecting to my home WPA2 enterprise network.

  Typically the first connection immediately after the driver is loaded
  works as expected, however any further reconnection and the occasional
  roaming between APs cause wpasupplicant to freeze entirely requiring
  me to kill it and most often also reload my wireless driver to get
  things working again.

  ## A failed (hanging) association looks like:
  Sep 30 23:31:06 castiana NetworkManager[25815]:   (wlan0): Activation: 
(wifi) connection 'stgraber.net-secure' has security, and secrets exist.  No 
new secrets needed.
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 'ssid' 
value 'stgraber.net-secure'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'scan_ssid' value '1'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'key_mgmt' value 'WPA-EAP'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 'eap' 
value 'TLS'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'fragment_size' value '1300'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'ca_cert' value '/home/stgraber/data/certs/stgraber-radius/ca.crt'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'private_key' value '/home/stgraber/data/certs/stgraber-radius/castiana.p12'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'private_key_passwd' value ''
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'identity' value 'castiana'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'bgscan' value 'simple:30:-65:300'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: added 
'proactive_key_caching' value '1'
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Connection 
disconnected (reason -3)
  Sep 30 23:31:06 castiana NetworkManager[25815]:   (wlan0): supplicant 
interface state: associated -> disconnected
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Failed to 
GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not 
connected: disconnect.
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Failed to 
GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not 
connected: disconnect.
  Sep 30 23:31:06 castiana NetworkManager[25815]:   Config: set interface 
ap_scan to 1
  Sep 30 23:31:06 castiana NetworkManager[25815]:   (wlan0): supplicant 
interface state: disconnected -> scanning
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: SME: Trying to 
authenticate with 24:a4:3c:c8:69:03 (SSID='stgraber.net-secure' freq=2412 MHz)
  Sep 30 23:31:07 castiana kernel: [102903.079940] wlan0: authenticate with 
24:a4:3c:c8:69:03
  Sep 30 23:31:07 castiana kernel: [102903.085128] wlan0: send auth to 
24:a4:3c:c8:69:03 (try 1/3)
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: Trying to associate 
with 24:a4:3c:c8:69:03 (SSID='stgraber.net-secure' freq=2412 MHz)
  Sep 30 23:31:07 castiana NetworkManager[25815]:   (wlan0): supplicant 
interface state: scanning -> authenticating
  Sep 30 23:31:07 castiana kernel: [102903.086942] wlan0: authenticated
  Sep 30 23:31:07 castiana kernel: [102903.090103] wlan0: associate with 
24:a4:3c:c8:69:03 (try 1/3)
  Sep 30 23:31:07 castiana NetworkManager[25815]:   (wlan0): supplicant 
interface state: authenticating -> associating
  Sep 30 23:31:07 castiana kernel: [102903.101962] wlan0: RX AssocResp from 
24:a4:3c:c8:69:03 (capab=0x411 status=0 aid=1)
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: Associated with 
24:a4:3c:c8:69:03
  Sep 30 23:31:07 castiana kernel: [102903.103701] wlan0: associated
  Sep 30 23:31:07 castiana NetworkManager[25815]:   (wlan0): supplicant 
interface state: associating -> associated
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: CTRL-EVENT-EAP-STARTED 
EAP authentication started
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
  Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: CTRL-EVENT-EAP-METHOD 
EAP vendor 0 method 13 (TLS) selected
  Sep 30 23:31:07 castiana