** Description changed: openssl 1.0.1c-3ubuntu1 dropped almost all of debian/patches/tls12_workarounds.patch because the upstream 1.0.1c release contained the changes. However, the dropped pieces of tls12_workarounds.patch had a subtle difference from upstream. In the Ubuntu patch, ssl23_client_hello() checked the *client* TLS version when deciding if the cipher list should - be truncated or not for TLS 1.2. The upstream code checks the *server* - TLS version, which I believe is incorrect since the ServerHello hasn't - even occurred yet. The upstream commit can be found here: - - http://cvs.openssl.org/chngview?cn=22408 + be truncated or not for TLS 1.2. The upstream code + (http://cvs.openssl.org/chngview?cn=22408) checks the *negotiated* TLS + version, which I believe is incorrect since the ServerHello hasn't even + occurred yet in order to negotiate the TLS version. The change from TLS1_get_versions() to TLS1_get_client_versions() was discussed here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147/comments/4 This bug can be reproduced with the following command: $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/ It will fail unless -tls1 is specified like so: $ openssl s_client -connect d2chzxaqi4y7f8.cloudfront.net:443 -CApath /etc/ssl/certs/ -tls1 Making this change fixes the problem (ssl3_client_hello() will probably need the same change): --- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-09-17 01:06:06.584617683 -0700 +++ openssl-1.0.1c/ssl/s23_clnt.c 2012-09-17 02:09:01.140540223 -0700 @@ -491,7 +491,7 @@ - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ - if (TLS1_get_version(s) >= TLS1_2_VERSION + if (TLS1_get_client_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; - #endif + && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; + #endif
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1051892 Title: [Quantal] Regression in TLS 1.2 workarounds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1051892/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
