You have been subscribed to a public bug by Jorge Merlino (jorge-merlino):
[Impact]
Currently openvpn in Jammy is broken when FIPS is enabled. The TL;DR reason is
that openvpn 2.5 does not support openssl 3 very well. There were a number of
fixes in openvpn 2.6 to fix this.
Explaining a bit more the basic issue is that openssl 3 does not allow the use
of the MD5 algorithm for random number generation in FIPS mode and openvpn 2.5
is still using it (LP bug #2091575). There are also other issues, for example
that openvpn sees no available ciphers when FIPS is enabled which can be easily
tested as running
openvpn --show-ciphers
returns nothing (LP bug #2077769).
I have a patch for openvpn 2.5 to fix this which I tried to SRU in bug #2077769
but failed to get sponsored as it is a significant change. The sponsor
suggested backporting instead as the issue does not affect non-FIPS systems and
so they can keep using the current package.
[Scope]
From Noble (2.6.12-0ubuntu0.24.04.1) to Jammy (currently
2.5.11-0ubuntu0.22.04.1)
[Other Info]
My original SRU patch also fixed bug #2086809. This is not a code patch as only
affects package testing. This should be SRUd by itself.
** Affects: openvpn (Ubuntu)
Importance: Undecided
Status: New
--
[BPO] Backport Noble version to Jammy
https://bugs.launchpad.net/bugs/2097688
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to the bug report.
--
ubuntu-backports mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
