Hello Matt, or anyone else affected,
Accepted openssl into impish-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1l-1ubuntu1.4 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
On a fresh Jammy LXC container:
root@rational-polliwog:~# dpkg -l openssl | tail -n 1
ii openssl3.0.2-0ubuntu1.4 amd64Secure Sockets Layer toolkit -
cryptographic utility
root@rational-polliwog:~# openssl s_server -nocert -psk 01020304 -dtls1
Using default temp DH parameters
Hello Matt, or anyone else affected,
Accepted openssl into jammy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.3 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
This bug was fixed in the package openssl - 3.0.3-5ubuntu2
---
openssl (3.0.3-5ubuntu2) kinetic; urgency=medium
* d/p/Set-systemwide-default-settings-for-libssl-users: don't comment out
the CipherString string to avoid an empty section.
-- Simon Chopin Tue, 31 May 2022
** Description changed:
+ [Impact]
+
+ The TLS test server `openssl s_server` can very easily be led into an
+ infinite loop if configured with incompatible settings and used via
+ DTLS. This makes it harder to test one's TLS configuration.
+
+ [Test plan]
+
+ In one session:
+ $ openssl
** Merge proposal linked:
https://code.launchpad.net/~schopin/ubuntu/+source/openssl/+git/openssl/+merge/423153
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1947588
Thanks for the follow up! I'll try to fold the fix for this in the next
Jammy SRU, I don't know about other releases yet.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
FYI, upstream have now also merged a fix in the 1.1.1 branch:
https://github.com/openssl/openssl/commit/e04ba889594d84a8805f3d0caeadf0527470e508
If Ubuntu pulls in that patch I expect that this bug should be fixed by
it.
--
You received this bug notification because you are a member of Ubuntu
FYI, upstream merged a fix for the underlying problem in OpenSSL 3.0:
https://github.com/openssl/openssl/commit/8b63b174b00b0e8c5cefcea12989d90450e04b24
I expect a similar fix to be backported to 1.1.1 soon. Although the
specific issue that this bug report is about doesn't impact upstream, I
Thanks for your analysis. Based on your description I was able to find
an instance of this bug that impacts an unmodified upstream OpenSSL
directly. I've raised an issue for it here:
https://github.com/openssl/openssl/issues/18047
That particular instance only impacts OpenSSL 3.0 - but its the
I had a look at what's going on there. My understanding (with the caveat
that the code of s_server is quite hard to follow, even within GDB) is
that when the socket receives the packet, the server goes on and try to
establish a connection, only to find out that it cannot because it has
an
** Tags removed: rls-jj-incoming
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1947588
Title:
Infinite Loop in OpenSSL s_server
Status in openssl package in Ubuntu:
** Tags added: fr-2135
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1947588
Title:
Infinite Loop in OpenSSL s_server
Status in openssl package in Ubuntu:
Confirmed
** Changed in: openssl (Ubuntu Jammy)
Importance: Undecided => Medium
** Changed in: openssl (Ubuntu Impish)
Importance: Undecided => Medium
** Changed in: openssl (Ubuntu Focal)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
** Tags removed: rls-ff-incoming
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1947588
Title:
Infinite Loop in OpenSSL s_server
Status in openssl package in Ubuntu:
Disregard the (now deleted) comment regarding Focal, I got mixed up in
my terminals. Focal is affected, but Bionic is not.
I suspect this is caused by our patch that changes the semantics of
security level 2 to also drop support for (D)TLS < 1.2.
** Tags added: rls-ff-incoming rls-jj-incoming
** Also affects: openssl (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Impish)
Importance: Undecided
Status: New
--
You received this bug notification
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1947588
Title:
Infinite Loop in OpenSSL s_server
Status in openssl package in Ubuntu:
New
Status in openssl source
Hi Matt, thanks for taking the time to report this, as well as
investigating the different versions that might be affected.
I just checked, and both Impish and Jammy are affected as well (the
latter using OpenSSL 3.0).
--
You received this bug notification because you are a member of Ubuntu
19 matches
Mail list logo
