Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

Antoine Sirinelli Thu, 01 Nov 2018 11:10:06 -0700

Package: libssl1.1
Version: 1.1.1-2
Severity: normal

Dear Maintainer,


I have a setup with a burp backup server running with an up to date
stretch distribution. The backup clients are running on either stretch
or buster workstation. Since the recent update of libssl1.1 from version
1.1.0h-4 to 1.1.1-1 for the buster clients, the backups are now failing.

This can be easily debugged with openssl, the error is:

Verify return code: 68 (CA signature digest algorithm too weak)

It seems it is linked to the fact that libssl is now selecting the
algorithm SHA512 instead of SHA256 for signing the digest. I have
attached the detailed logs of the openssl s_client output.

This can be solved by degrading the cipher requirements in
/etc/ssl/openssl.cnf:

-CipherString = DEFAULT@SECLEVEL=2
+CipherString = DEFAULT@SECLEVEL=1

This new version is therefore including an incompatibility between
stretch and buster.

Antoine

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libssl1.1 depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6                  2.27-6

libssl1.1 recommends no packages.

libssl1.1 suggests no packages.

-- debconf information excluded

CONNECTED(00000005)
---
Certificate chain
 0 s:CN = burpserver
   i:CN = burpCA
 1 s:CN = burpCA
   i:CN = burpCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICrjCCAZagAwIBAgIBADANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZidXJw
Q0EwHhcNMTYwMzA2MTYyNzAxWhcNMzYwMzAxMTYyNzAxWjAVMRMwEQYDVQQDDApi
dXJwc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OqdyM+
hFHKEwk6Eejpx/IF+nOvZXwfank0XYBLJJbcVMlSDNMQcEE034fes/SJlP7JMMyx
7W8XqFK2U46wCd6JD14XhsPXQEHXYKPC6UajEWCyG4g4QkGLj3sdYOsMUSQcjAWT
Jdj3KIj90eRIQIcty+AEpXIhvzo07fSdaEG4h5DoTzRHEgLsr6VlXtOownuO9ss1
53DJpeBtL7WMT8th60GRZ5HAFtrIYKuHOBlAmvvZ9Y6YJgwAwH3LWOt/708gdIuZ
sjUIu3ChidLiOXW7biulG3HmylE/YagH4o/cnw6G2CE8L/vrfJ+AuL1EJhtCNgDP
DsLOZ7U61k8e0QIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IB
AQAbelbLeXhwyM2KnJ5QYdgZ7KNnLhWzGT+TcGEYpxdEkWbgWU9J3bCCzQU+ol6x
g6O2jyxnN0zptz+RfGNNYsSIUxjlM2YF6bJtvkEMwAZ0xuHlhGqlmyiL6LvpuqS7
1cqF0m6w24Ik6o69tmAIDWuqF6FcmoC5BeddNaugMxei5KEZDf9JmpGIXEO89/AF
Hz4pSTEGzB2mHdW/Ajc0XHK/F2e1CWICIVVY8muAsDSVDjkDwl1jbrHwAU0Q5aG6
iyX3lXJ6Ioh+nIhdPI5hx0UBAZ3ltHgfRMKU73cbFlM01CRHOdbtzEgoZHfWCigB
QHWDmZfxyqicdoRVuA+NYXpy
-----END CERTIFICATE-----
subject=CN = burpserver

issuer=CN = burpCA

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2176 bytes and written 413 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: BB7226E25A4AE01E948F038FDFB06A6AB5E6DFE10274A3B081E58828AD1FBC21
    Session-ID-ctx: 
    Master-Key: 
12F7658D651A8122D63A96A2DC2B183D5D6B167B31AA3CF8F782B23230AE5400A003BCAE229EDF8F6B152BD105E2ABF0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - aa 5f 40 8f a7 85 84 d1-63 89 31 44 dc 25 7e 5a   ._@.....c.1D.%~Z
    0010 - 54 12 3b 5c 4b 6a b8 47-7d 10 11 93 fc 3c fd f4   T.;\Kj.G}....<..
    0020 - f2 fd c8 3d 18 f7 09 68-c7 bb 78 2e b5 9f d2 cd   ...=...h..x.....
    0030 - 6c 3a a3 87 15 49 c0 ed-5e a8 d9 ac 12 3f cb b2   l:...I..^....?..
    0040 - 99 b8 6f 69 7e 57 7a 80-1a 41 ef 30 5a 87 8b cb   ..oi~Wz..A.0Z...
    0050 - 99 de dd 10 b2 d5 9e 37-49 21 6b 77 96 cf 63 e4   .......7I!kw..c.
    0060 - 96 22 51 12 67 ac 72 55-03 54 94 e5 68 fb bb f5   ."Q.g.rU.T..h...
    0070 - c0 37 cb 5c f3 dd 62 9c-31 86 74 46 70 62 5e 3e   .7.\..b.1.tFpb^>
    0080 - f0 55 aa a7 6e cd bd cb-58 4e 2b 49 f6 74 fa c9   .U..n...XN+I.t..
    0090 - 77 bf ef 2e 6c aa bd 03-58 fa 20 f6 25 9d 53 04   w...l...X. .%.S.
    00a0 - 0e 19 21 6e e2 78 b2 98-b3 a6 47 2b c5 a8 02 1d   ..!n.x....G+....

    Start Time: 1541093062
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

CONNECTED(00000005)
---
Certificate chain
 0 s:CN = burpserver
   i:CN = burpCA
 1 s:CN = burpCA
   i:CN = burpCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICrjCCAZagAwIBAgIBADANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZidXJw
Q0EwHhcNMTYwMzA2MTYyNzAxWhcNMzYwMzAxMTYyNzAxWjAVMRMwEQYDVQQDDApi
dXJwc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OqdyM+
hFHKEwk6Eejpx/IF+nOvZXwfank0XYBLJJbcVMlSDNMQcEE034fes/SJlP7JMMyx
7W8XqFK2U46wCd6JD14XhsPXQEHXYKPC6UajEWCyG4g4QkGLj3sdYOsMUSQcjAWT
Jdj3KIj90eRIQIcty+AEpXIhvzo07fSdaEG4h5DoTzRHEgLsr6VlXtOownuO9ss1
53DJpeBtL7WMT8th60GRZ5HAFtrIYKuHOBlAmvvZ9Y6YJgwAwH3LWOt/708gdIuZ
sjUIu3ChidLiOXW7biulG3HmylE/YagH4o/cnw6G2CE8L/vrfJ+AuL1EJhtCNgDP
DsLOZ7U61k8e0QIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IB
AQAbelbLeXhwyM2KnJ5QYdgZ7KNnLhWzGT+TcGEYpxdEkWbgWU9J3bCCzQU+ol6x
g6O2jyxnN0zptz+RfGNNYsSIUxjlM2YF6bJtvkEMwAZ0xuHlhGqlmyiL6LvpuqS7
1cqF0m6w24Ik6o69tmAIDWuqF6FcmoC5BeddNaugMxei5KEZDf9JmpGIXEO89/AF
Hz4pSTEGzB2mHdW/Ajc0XHK/F2e1CWICIVVY8muAsDSVDjkDwl1jbrHwAU0Q5aG6
iyX3lXJ6Ioh+nIhdPI5hx0UBAZ3ltHgfRMKU73cbFlM01CRHOdbtzEgoZHfWCigB
QHWDmZfxyqicdoRVuA+NYXpy
-----END CERTIFICATE-----
subject=CN = burpserver

issuer=CN = burpCA

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2176 bytes and written 407 bytes
Verification error: CA signature digest algorithm too weak
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 7E105FB538C5E6D0DEEEE6CE948A02709C38507F84662E67CE1B3F4BAFD560A5
    Session-ID-ctx: 
    Master-Key: 
4C49DFA44535DDB00048D84BCF9BF9F03A34D475430CD87E9A495FED78980C6BA8AA398739AAD3972E42BF1BFFF380D1
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - aa 5f 40 8f a7 85 84 d1-63 89 31 44 dc 25 7e 5a   ._@.....c.1D.%~Z
    0010 - e2 57 a8 7e 92 8b 6f 35-4c e5 58 d1 51 20 a0 70   .W.~..o5L.X.Q .p
    0020 - 82 1e f8 df 79 81 e5 0d-46 98 4a bb e8 ac 38 85   ....y...F.J...8.
    0030 - af b9 db 5f 92 9a 5a 96-d1 ec 06 2b 8e f4 5c 10   ..._..Z....+..\.
    0040 - 43 fc fc 21 49 6f 65 7c-3c ee 94 de f7 2f e1 ef   C..!Ioe|<..../..
    0050 - 6b 61 00 2d ef 6d 6a 39-0f 76 18 1a e6 1f 5d d8   ka.-.mj9.v....].
    0060 - fc 9b c0 49 d0 ee 3f 03-ae c5 c8 54 5b cd a5 78   ...I..?....T[..x
    0070 - c5 ad 91 32 1f ff 76 7d-d3 26 52 22 b7 1b dc 52   ...2..v}.&R"...R
    0080 - 36 8a a0 a9 b5 1f f6 32-25 32 ba ec 4e 8d 22 43   6......2%2..N."C
    0090 - 01 09 47 4c 62 7e b5 34-02 ee 3a e3 5b 0b 83 3d   ..GLb~.4..:.[..=
    00a0 - 7e c8 5f af 06 59 d7 b0-34 17 3b 07 f1 73 8e ba   ~._..Y..4.;..s..

    Start Time: 1541091756
    Timeout   : 7200 (sec)
    Verify return code: 68 (CA signature digest algorithm too weak)
    Extended master secret: yes
---

CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=burpserver
   i:/CN=burpCA
 1 s:/CN=burpCA
   i:/CN=burpCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICrjCCAZagAwIBAgIBADANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZidXJw
Q0EwHhcNMTYwMzA2MTYyNzAxWhcNMzYwMzAxMTYyNzAxWjAVMRMwEQYDVQQDDApi
dXJwc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OqdyM+
hFHKEwk6Eejpx/IF+nOvZXwfank0XYBLJJbcVMlSDNMQcEE034fes/SJlP7JMMyx
7W8XqFK2U46wCd6JD14XhsPXQEHXYKPC6UajEWCyG4g4QkGLj3sdYOsMUSQcjAWT
Jdj3KIj90eRIQIcty+AEpXIhvzo07fSdaEG4h5DoTzRHEgLsr6VlXtOownuO9ss1
53DJpeBtL7WMT8th60GRZ5HAFtrIYKuHOBlAmvvZ9Y6YJgwAwH3LWOt/708gdIuZ
sjUIu3ChidLiOXW7biulG3HmylE/YagH4o/cnw6G2CE8L/vrfJ+AuL1EJhtCNgDP
DsLOZ7U61k8e0QIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IB
AQAbelbLeXhwyM2KnJ5QYdgZ7KNnLhWzGT+TcGEYpxdEkWbgWU9J3bCCzQU+ol6x
g6O2jyxnN0zptz+RfGNNYsSIUxjlM2YF6bJtvkEMwAZ0xuHlhGqlmyiL6LvpuqS7
1cqF0m6w24Ik6o69tmAIDWuqF6FcmoC5BeddNaugMxei5KEZDf9JmpGIXEO89/AF
Hz4pSTEGzB2mHdW/Ajc0XHK/F2e1CWICIVVY8muAsDSVDjkDwl1jbrHwAU0Q5aG6
iyX3lXJ6Ioh+nIhdPI5hx0UBAZ3ltHgfRMKU73cbFlM01CRHOdbtzEgoZHfWCigB
QHWDmZfxyqicdoRVuA+NYXpy
-----END CERTIFICATE-----
subject=/CN=burpserver
issuer=/CN=burpCA
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: 
RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2160 bytes and written 281 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 441E4291B6D84B74EFC18590356D681664DD9D030337F8C73432C986EC17B315
    Session-ID-ctx: 
    Master-Key: 
B6B31FD2CAB685985B5E2DAABE89A603D4BB75BF038F600C54D66779CB455CE1F31BC19674A693A02A377B18BE648656
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - aa 5f 40 8f a7 85 84 d1-63 89 31 44 dc 25 7e 5a   ._@.....c.1D.%~Z
    0010 - be 75 64 ec f4 71 86 4c-da 9e 9e db 88 71 43 45   .ud..q.L.....qCE
    0020 - c8 9b ff 65 21 0c 9f 57-3b dd 38 53 7e 53 69 2c   ...e!..W;.8S~Si,
    0030 - 0c 6c c1 bb 60 f4 8a 53-ea bd 9a a7 40 d8 a9 d2   .l..`..S....@...
    0040 - 3a b6 18 90 f1 b7 b9 15-10 27 23 cd 5b 28 bf 86   :........'#.[(..
    0050 - c8 8c e6 f8 e4 74 d3 4c-ef 56 40 f1 b8 d2 6e ec   .....t.L.V@...n.
    0060 - 1a c5 41 80 84 7b c5 12-d4 56 a2 c0 19 0e 06 3e   ..A..{...V.....>
    0070 - 39 bb 6c 0f ec 9c b0 e1-c7 49 12 5e a9 af c0 3d   9.l......I.^...=
    0080 - bc 97 23 52 88 83 6e b6-39 43 c3 f2 67 48 21 61   ..#R..n.9C..gH!a
    0090 - 62 1a 09 17 be f9 4e 97-bd f1 97 40 78 d0 c0 c3   b.....N....@x...

    Start Time: 1541091708
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

signature.asc
Description: PGP signature

Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

Reply via email to