Public bug reported:

While I welcome the adding of security features by upgrading vital
packages like openssl, there are at least two packages that I know of
which ran fine with libssl 1.1.0 and do not with libssl 1.1.1. This bug
has been introduced with the migration from openssl 1.1.0 to 1.1.1 in
one of the last point releases.


1. stunnel4 3:5.44-1ubuntu3

stunnel4 breaks with openssl 1.1.1 (which supports TLS 1.3).

I get errors when a Windows stunnel client connects to the stunnel4
daemon:

Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128: Connection refused (111)

This can be fixed when I manually add "MaxProtocol = TLSv1.2" to
/etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl 1.1.1
is the culprit.

stunnel4 needs an update. At least for stunnel4, another fix would be to
specify "sslVersion = TLSv1.2" in its config file.


2. pure-ftpd 1.0.46-1build1

Same thing here. You cannot connect once you use "tls=2" or higher if
openssl 1.1.1 with TLS 1.3 is active. The only fix I found here is to
limit the max protocol. pure-ftpd itself has no means of solving that
problem, at least not in the bionic version.


I use Ubuntu Server 18.04.04 LTS, BTW, and openssl was 1.1.1-1ubuntu2.1~18.04.5.

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1865204

Title:
  Multiple packages broke with openssl 1.1.1 upgrade
