libssl1.0.0 1.0.2g-1ubuntu9.2 breaks OpenVPN (2.4.0-5ubuntu1 or
2.3.11-1ubuntu2) connections to Canonical's VPN on my Ryzen 7 1700X
desktop running Linux 4.10.0-21-generic. In UDP mode the server stops
responding during TLS negotiation, and in TCP mode the server closes the
connection at the same stage. Downgrading to ubuntu9.1 fixes it.
artful's 1.0.2g-1ubuntu12 is broken in the same way. The HMAC in use by
the VPN is SHA-1.

>From the server log:

ovpn-tcp[30227]: TCP connection established with [AF_INET]<REDACTED>:44544
ovpn-tcp[30227]: <REDACTED>:44544 TCP connection established with 
ovpn-tcp[30227]: <REDACTED>:44544 TLS_ERROR: BIO read tls_read_plaintext error: 
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
ovpn-tcp[30227]: <REDACTED>:44544 TLS Error: TLS object -> incoming plaintext 
read error
ovpn-tcp[30227]: <REDACTED>:44544 TLS Error: TLS handshake failed
ovpn-tcp[30227]: <REDACTED>:44544 Fatal TLS error (check_tls_errors_co), 

The start of a client log is at Until
the connection is closed by the server, it differs from a successful
connection only in its keys and session IDs.

** Tags added: regression-proposed

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  OpenSSL CPU detection for AMD Ryzen CPUs

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to