Public bug reported:
[impact]
tomcat9's ssl code includes:
from org/apache/tomcat/jni/SSL.java:
    /* Return OpenSSL version number (compile time version, if version < 1.1.0) */
    public static native int version();
from org/apache/tomcat/util/net/openssl/OpenSSLEngine.java:
    if (SSL.version() >= 0x1010100f) {
        protocols.add(Constants.SSL_PROTO_TLSv1_3);
    }
This leads to a compile-time dependency on OpenSSL versioning, to
provide TLSv1.3 support.
[test case]
TBD
[regression potential]
As this is a rebuild-only change, any regression would likely involve tomcat9
behavior changes due to differing compile-time dependencies.
[other info]
This isn't technically a regression, as before OpenSSL was upgraded to
1.1 in Bionic, tomcat9 correctly didn't provide TLSv1.3 support; but now
that OpenSSL 1.1 is available in Bionic, tomcat9 should support TLSv1.3.
** Affects: tomcat9 (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: tomcat9 (Ubuntu Bionic)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Also affects: tomcat9 (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: tomcat9 (Ubuntu Bionic)
Assignee: (unassigned) => Dan Streetman (ddstreet)
** Changed in: tomcat9 (Ubuntu Bionic)
Status: New => In Progress
** Changed in: tomcat9 (Ubuntu)
Status: New => Fix Released
** Changed in: tomcat9 (Ubuntu Bionic)
Importance: Undecided => Medium
https://bugs.launchpad.net/bugs/1854072
Title:
tomcat9 needs recompile to use TLSv1.3 from openssl 1.1
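An added example, not taken from the bug report or from Tomcat: it decodes the OpenSSL version number layout used before OpenSSL 3.0 (0xMNNFFPPS) and applies the threshold from the quoted OpenSSLEngine.java check, showing which reported versions get TLSv1.3 listed. The function names and the sample version numbers are constructed for illustration.

```python
# Added example: decode the pre-3.0 OPENSSL_VERSION_NUMBER layout (0xMNNFFPPS)
# and apply the threshold from the OpenSSLEngine.java check quoted in the report.
# Function names and sample values are constructed for illustration.

TLS13_GATE = 0x1010100F  # constant copied from the quoted check


def decode_openssl_version(num):
    """Split 0xMNNFFPPS into (major, minor, fix, patch, status)."""
    return (
        (num >> 28) & 0xF,   # M:  major
        (num >> 20) & 0xFF,  # NN: minor
        (num >> 12) & 0xFF,  # FF: fix
        (num >> 4) & 0xFF,   # PP: patch, rendered as a letter (1 -> 'a')
        num & 0xF,           # S:  0 = dev, 1..e = beta, f = release
    )


def format_openssl_version(num):
    """Render the number the way OpenSSL names its releases, e.g. 1.1.0g."""
    major, minor, fix, patch, status = decode_openssl_version(num)
    text = f"{major}.{minor}.{fix}"
    if 1 <= patch <= 25:
        text += chr(ord("a") + patch - 1)
    elif patch > 25:
        text += f"(patch {patch})"  # two-letter patch levels are not expanded here
    if status == 0x0:
        text += "-dev"
    elif status != 0xF:
        text += f"-beta{status}"
    return text


def tls13_listed(reported_version):
    """Same comparison as the quoted check: SSL.version() >= 0x1010100f."""
    return reported_version >= TLS13_GATE


# Constructed sample values for SSL.version(), oldest first.
SAMPLES = [0x100020EF, 0x1010007F, 0x10101001, 0x1010100F, 0x1010104F]


def report(samples=SAMPLES):
    return [(format_openssl_version(v), tls13_listed(v)) for v in samples]


if __name__ == "__main__":
    for version, listed in report():
        print(f"{version:<12} TLSv1.3 listed: {listed}")
```

Because the status nibble is part of the comparison, a 1.1.1 pre-release value such as 0x10101001 stays below the threshold, and any value from a 1.0.x or 1.1.0 build does too.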