libssl1.0.0 1.0.2g-1ubuntu9.2 breaks OpenVPN (2.4.0-5ubuntu1 or 2.3.11-1ubuntu2) connections to Canonical's VPN on my Ryzen 7 1700X desktop running Linux 4.10.0-21-generic. In UDP mode the server stops responding during TLS negotiation, and in TCP mode the server closes the connection at the same stage. Downgrading to ubuntu9.1 fixes it. artful's 1.0.2g-1ubuntu12 is broken in the same way. The HMAC in use by the VPN is SHA-1.
>From the server log: ovpn-tcp[30227]: TCP connection established with [AF_INET]<REDACTED>:44544 ovpn-tcp[30227]: <REDACTED>:44544 TCP connection established with [AF_INET]<REDACTED>:47753 ovpn-tcp[30227]: <REDACTED>:44544 TLS_ERROR: BIO read tls_read_plaintext error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac ovpn-tcp[30227]: <REDACTED>:44544 TLS Error: TLS object -> incoming plaintext read error ovpn-tcp[30227]: <REDACTED>:44544 TLS Error: TLS handshake failed ovpn-tcp[30227]: <REDACTED>:44544 Fatal TLS error (check_tls_errors_co), restarting The start of a client log is at http://paste.ubuntu.com/24603459/. Until the connection is closed by the server, it differs from a successful connection only in its keys and session IDs. ** Tags added: regression-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1674399 Title: OpenSSL CPU detection for AMD Ryzen CPUs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1674399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
