Can someone please tell the process of the workaround as i upgraded to
ubuntu 22.04 and can't connect to my university wifi and i can't
understand the details you guys are talking about
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
h
FYI, to restart wpa-supplicant after these edits:
systemctl restart wpa_supplicant
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1963834
Title:
openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABL
Yes, managing the configurations for the huge variety of cryptography
toolkits on a Linux system is definitely something of a chore. It would
be nice to give people one command they could use to return to unsafe-
but-compatible cryptography -- or enforce only modern cryptography.
Our friends at Re
It's a bit of an 'own goal' if this gets marked as 'won't fix'. As students
upgrade to 22.04 where I work they will find they can't connect to the
institutions or research centre wireless network. They won't care that the SSL
change is protecting them from an old SSL bug, they will just come bac
I'm marking this bug as `Won't Fix` as this new behavior is a deliberate
upstream choice that is documented in their migration documentation
https://www.openssl.org/docs/manmaster/man7/migration_guide.html
Granted, the documentation in question isn't exactly obvious (search for
RFC 5746), but we'v
We are having the same issue.
Out setup:
Ubuntu 22.04 (daily) + GlobalProtect Version 6 from Palo Alto Networks + SAML
Auth
We found a system-wide workaround.
Modify the existing openssl config file, path: /usr/lib/ssl/openssl.cnf
with your already mentioned settings (just add the missings ones):
Ok, I did get my case to work by creating ~/ssl.conf containing:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
And then did OPENSSL_CONF=~/ssl.conf do-my-command
that wor
I tried also adding the following:
[openssl_init]
providers = provider_sect
ssl_conf = ssl_configuration
as I wasn't sure whether the [ssl_configuration] section would otherwise
get used for anything, but that didn't seem to make a difference.
The end of the file is
[ssl_configuration]
client =
FWIW I'm seeing this with the openconnect-sso
(https://github.com/vlaci/openconnect-sso) package on jammy. I just
tried adding the following to my /etc/ssl/openssl.cfg:
[ssl_configuration]
client = client_tls_config
[client_tls_config]
Options = UnsafeLegacyServerConnect
With no luck :(
--
Yo
... And while looking for what exactly to suggest upstream, I realized
that GitHub search only prints out the first match in a given file,
which mean I missed the config options part of
https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd_value_type.html
(search for UnsafeLegacyServerConnect), whi
To be clear, the root issue is that the server is using an outdated,
insecure protocol that has been deemed so for more than a decade, and
OpenSSL finally decided to disable it by default. The "proper" way to
fix this would be for them to upgrade.
Now, that being said, we live in the real world an
It looks like this was added in:
https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3
in order to address servers that have not yet been updated for
CVE-2009-3555.
It's possible to add a flag at the C level to connect insecurely,
SSL_OP_LEGACY_SERVER_CONNECT, but I
** Tags added: openssl3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1963834
Title:
openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]
To manage notifications about this bug go to:
https://b
13 matches
Mail list logo
