Public bug reported:

The system is Ubuntu 16.04 with ESM support.
After the update (28.5.2022) of openssl and libssl1.0.0 packages from 
1.0.2g-1ubuntu4.20+esm2 to 1.0.2g-1ubuntu4.20+esm3 the php function 
openssl_get_cipher_methods (php7 from the distribution) is broken.
It randomly returns empty array when called.
Testing from php-cli it always returns proper data.
Testing with web server most of the times it returns an empty array.
Tested with apache + mod-php and apache + php-fpm.
Downgrading to versions to 1.0.2g-1ubuntu4.20 fixes the problem.
This downgrade makes the systems work, but introduces security risks.

An example code to reproduce the issue:
--------------------------------
<?php
$ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);

echo implode($ciphers);

print_r($ciphers);
print_r($cipher_aliases);
?>
----------------------------

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1976339

Title:
  Openssl update to 1.0.2g-1ubuntu4.20+esm3 Breaks Php
  Openssl_get_cipher_methods Function

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1976339/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to