found 1041533 4.17.3+10-g091466ba55-1~deb12u1
Hello all,
This bug also affects me, with the same symptoms and setup that were described
earlier:
root@hypervisor:~# cat /var/log/xen/qemu-dm-vm.log
xen-qemu-system-i386: -vnc :0,password=on,to=99: Cipher backend does
not support DES algorithm
root@hypervisor:~# grep vnc /etc/xen/vm
vnc = "1"
vncconsole = "1"
vnclisten = ""
vncpasswd = "some-password"
Searching for as to why this happens, I think I found the root cause:
https://gitlab.com/qemu-project/qemu/-/issues/1158
Sure enough, "regular" qemu-system-x86_64 includes both GnuTLS and Nettle:
root@hypervisor:~# ldd /usr/bin/qemu-system-x86_64 | grep -e crypt -e
tls -e nettle
libgnutls.so.30 => /lib/x86_64-linux-gnu/libgnutls.so.30
(0x00007f9e0b400000)
libnettle.so.8 => /lib/x86_64-linux-gnu/libnettle.so.8
(0x00007f9e0b072000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
(0x00007f9e0a000000)
But Xen's xen-qemu-system-i386 does not:
root@hypervisor:~# ldd /usr/libexec/xen-qemu-system-i386 | grep -e
crypt -e tls -e nettle
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
(0x00007f63b1600000)
Both versions are the same, though:
root@hypervisor:~# qemu-system-x86_64 --version
QEMU emulator version 7.2.11 (Debian 1:7.2+dfsg-7+deb12u6)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers
root@hypervisor:~# /usr/libexec/xen-qemu-system-i386 --version
QEMU emulator version 7.2.11 (Debian 1:7.2+dfsg-7+deb12u6)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers
This leads me to believe that if xen-qemu-system-i386 were to be linked with at
least one of the mentioned DES providers, this regression would be fixed.
Best regards,
Thomas
