The patch was added by Dimitri in cosmic to restore compatibility with older and less secure TLS implementations using weak keys. However, bionic shipped without compatibility with those less secure keys, and we are unaware of any complaints about this change in bionic. This distro patch to lower the security baseline of openssl 1.1 was being introduced in SRU to bionic as part of the openssl 1.1.1 backport, and I rejected that upload after discussion with the security team, because it is not justifiable for the SRU to *lower* the security baseline in SRU without specific reports of breakage.
And since the protocol baseline in bionic is incompatible with those servers, there is no reason for newer non-LTS releases to be compatible with them. Hence, dropping the patch for devel is, I believe, obviously correct. SRUing that same change to cosmic is not as obviously correct since it carries some risk of regression vs. the state of cosmic at time of release. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1822984 Title: revert tls security level back to 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1822984/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
