Public bug reported: This bug is a regression in libserf-1-1 version 1.3.9-10ubuntu1, which switched to OpenSSL 3.0. Version 1.3.9-10, which uses OpenSSL 1.1, does not have this bug.
Using version 1.3.9-10ubuntu1, Subversion, which is the only dependant of this package in the Ubuntu repository, breaks when using the https protocol. For instance, the command... svn info https://svn.apache.org/repos/asf/subversion/trunk ... will no longer work and, depending on the server, may close the connection or return some sort of error. Attempting to analyze the problem in wireshark, I discovered that the TLS traffic generated by libserf is malformed and cannot be parsed by wireshark's packet disassemblers. At a glance, it appears that libserf is sending a raw TLS Client Hello without first sending a TLS record header. For instance, to use the illustrated handshake example here [1], the handshake that libserf generates appears to be missing the first five bytes (the TLS record header) and instead begins with what the illustrated example calls the TLS handshake header. [1] https://tls.ulfheim.net/ ** Affects: serf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956040 Title: Malformed TLS handshake with OpenSSL 3.0 (breaks subversion) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/serf/+bug/1956040/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
