Patch for jammy
** Patch added: "lp2077769.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2077769/+attachment/5810117/+files/lp2077769.debdiff
** Changed in: openvpn (Ubuntu Jammy)
Status: New => In Progress
** Changed in: openvpn (Ubuntu)
Status: New => Invalid
** Tags added: sts
** Description changed:
[Impact]
When fips-preview is enabled in a Jammy server, running openvpn --show-ciphers
returns no algorithms. This is caused by openvpn not loading the FIPS OpenSSL
provider. This actually works fine upstream but was broken by a previous Ubuntu
patch that re-enables some algorithms that were moved to the legacy provider
by OpenSSL 3.0.
[Test Plan]
The bug can be reproduced by just running:
openvpn --show-ciphers
The non-patched version returns no algorithms and the patched version
should include a list of cipher algorithms like this:
AES-128-CBC (128 bit key, 128 bit block)
AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
...
[Where problems could occur]
If the FIPS provider is not present (like on non-FIPS-hardened servers) the
provider variable is NULL. That might generate some issues, although I have seen
no problems.
+
+ [Other Info]
+ This applies only for jammy as other versions do not have this patch.
--
https://bugs.launchpad.net/bugs/2077769
Title:
fips-preview break openvpn ciphers