*** This bug is a duplicate of bug 1864689 ***
https://bugs.launchpad.net/bugs/1864689
Hi, thanks for reporting this issue.
This isn't caused by the patch for CVE-2020-1967, it is caused by
OPENSSL_TLS_SECURITY_LEVEL=2 being set as the minimum security level.
You can try it with a lowered security level by doing the following:
curl -v --ciphers 'DEFAULT:@SECLEVEL=1' https://pub.orcid.org
I believe it is caused by having an insecure SHA1 certificate in their
chain:
- Certificate[3] info:
- subject `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\,
Inc.,C=US', issuer `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy
Group\, Inc.,C=US', serial 0x00, RSA key 2048 bits, signed using RSA-SHA1
(broken!), activated `2004-06-29 17:06:20 UTC', expires `2034-06-29 17:06:20
UTC', pin-sha256="VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8="
As such, I am marking this as a dupe of bug 1864689, you can follow progress on
the issue there.
Thanks.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1967
** This bug has been marked a duplicate of bug 1864689
openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in
Chrome and Firefox
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1874413
Title:
openssl 1.1.1f-1ubuntu2 breaks some TLS connections
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1874413/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
