On Wed, May 18, 2022 at 13:37:46 -0000, Simon Chopin wrote: > Could you give more details about what happens when using the legacy > providers?
The short version is that by enabling the legacy provider and setting SECLEVEL to 1, I'm able to get past the "digital envelope routines::unsupported" error during the tinc metadata channel setup... but the Jammy node still (just a step or two later in the negotiation process) reports a "Bogus data received from" error and then aborts the connection. The "Bogus data received from" error is a tinc error message, but as far as I can tell the likely trigger for that message is some sort of failure to decrypt incoming data by the OpenSSL library -- and since Focal, Impish and Jammy all have exactly the same tinc version, it would seem the issue is libssl3-related... but I am not sure precisely how.... You can find additional details in this tinc-mailing-list thread: https://www.tinc-vpn.org/pipermail/tinc/2022-May/005598.html (but so far the discussion there hasn't managed to narrow down the exact interaction between tinc and libssl that's causing the problem). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
