[Bug 1832933] Re: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd

Dimitri John Ledkov Sat, 15 Jun 2019 18:01:14 -0700

** Description changed:

  Hello!
  
  After upgrade to
  
  libssl1.1 1.1.1-1ubuntu2.1~18.04.2
  openssl 1.1.1-1ubuntu2.1~18.04.2
  
  on Ubuntu 18.04 server clients can't connect to ejabberd server:
  
  2019-06-15 15:56:26.431 [warning]
  <0.858.0>@ejabberd_c2s:process_terminated:290 (tls|<0.858.0>) Failed to
  secure c2s connection: TLS failed: client renegotiations forbidden
  
- 
  ejabberd       version is                                18.01-2
  
  which is from Ubuntu 18.04.
  
- As far as I know ejabberd can work with openssl 1.1.1 only from 18.09 
+ As far as I know ejabberd can work with openssl 1.1.1 only from 18.09
  https://blog.process-one.net/ejabberd-18-09/
  
  OpenSSL 1.1.1 support
  
  Either ejabberd in 18.04 should be updated or openssl should not be
  upgraded to 1.1.1 on 18.04 .
  
  Thank you!
+ 
+ 
+ == erlang-p1-tls ==
+ 
+ Looking at all upstream patches since 1.0.20 (current bionic) these are
+ the useful ones:
+ 
+ 0002-Specify-accepted-Client-CAs-during-handshake.patch
+ - quite small fixes Client CA negotiation
+ 
+ 0013-Update-cert-used-by-test-to-use-sha256-signature.patch
+ - updates test cert to a stronger one
+ 
+ 0014-Add-no_tlsv1_3-option-parsing-from-openssl1.1.patch
+ - tiny, andd "no_tlsv1_3" option
+ 
+ 0016-Improve-tests-to-make-them-work-with-openssl1.1.patch
+ - testsuite fixes
+ 
+ 0022-Use-SSL_OP_NO_RENEGOTIATION-when-available.patch
+ - needed to fix this bug, do not attempt renegotiation as that is no longer 
supported. Just ifdefs.
+ 
+ 
+ There are also patches that add new apis, to rebuild cert caches, and query 
negotiated protocols, but meh.


** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: ejabberd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: erlang-p1-tls (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: erlang-p1-tls (Ubuntu)
       Status: Confirmed => Fix Released

** No longer affects: openssl (Ubuntu Bionic)

** No longer affects: openssl (Ubuntu)

** No longer affects: ejabberd (Ubuntu Bionic)

** No longer affects: ejabberd (Ubuntu)

** Changed in: erlang-p1-tls (Ubuntu Bionic)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832933

Title:
  upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/erlang-p1-tls/+bug/1832933/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1832933] Re: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd

Reply via email to