** Description changed: [Impact] - When fips-preview is enabled in a Jammy server running openvpn --show-ciphers returns nothing. This is caused by openvpn not loading the FIPS OpenSSL provider. This actually works fine upstream but was broken by a previous ubuntu patch that re-enables some algorithms that where moved to the legacy provider by OpenSSL 3.0. + When fips-preview is enabled in a Jammy server running openvpn --show-ciphers returns no algorithms. This is caused by openvpn not loading the FIPS OpenSSL provider. This actually works fine upstream but was broken by a previous ubuntu patch that re-enables some algorithms that where moved to the legacy provider by OpenSSL 3.0. [Test Plan] - The bug can be reproducer by just running: + The bug can be reproduced by just running: openvpn --show-ciphers The non-patched version returns no algorithms and the patched version should include a list of cipher algorithms like this: AES-128-CBC (128 bit key, 128 bit block) AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only) AES-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only) AES-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only) AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only) AES-128-OFB (128 bit key, 128 bit block, TLS client/server mode only) ... [Where problems could occur] If the FIPS provider is not present (like on non FIPS hardened servers) the provider variable is NULL. That might generate some issues although I have seen no problems.
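Review bot: In the [Impact] hunk, the replacement paragraph still reads "algorithms that where moved to the legacy provider" and "a previous ubuntu patch". Since this sentence is being rewritten anyway, change "where" to "were" and capitalise "Ubuntu".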
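Review bot: The [Test Plan] hunk only exercises a host with fips-preview enabled, yet the trailing [Where problems could occur] text says the provider variable is NULL when the FIPS provider is not present and that this "might generate some issues". Add a second test step that runs openvpn --show-ciphers on a Jammy host without fips-preview and confirms the cipher list is still printed, so the NULL-provider path is covered by the plan rather than by informal observation.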
https://bugs.launchpad.net/bugs/2077769
Title: fips-preview break openvpn ciphers
