[Touch-packages] [Bug 1832933] Re: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd

Sat, 15 Jun 2019 17:50:52 -0700 

** Also affects: erlang-p1-tls (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: erlang-p1-tls (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832933

Title:
  upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd

Status in ejabberd package in Ubuntu:
  New
Status in erlang-p1-tls package in Ubuntu:
  Confirmed
Status in openssl package in Ubuntu:
  New

Bug description:
  Hello!

  After upgrade to

  libssl1.1 1.1.1-1ubuntu2.1~18.04.2
  openssl 1.1.1-1ubuntu2.1~18.04.2

  on Ubuntu 18.04 server clients can't connect to ejabberd server:

  2019-06-15 15:56:26.431 [warning]
  <0.858.0>@ejabberd_c2s:process_terminated:290 (tls|<0.858.0>) Failed
  to secure c2s connection: TLS failed: client renegotiations forbidden

  ejabberd       version is                                18.01-2

  which is from Ubuntu 18.04.

  As far as I know ejabberd can work with openssl 1.1.1 only from 18.09
  https://blog.process-one.net/ejabberd-18-09/

  OpenSSL 1.1.1 support

  Either ejabberd in 18.04 should be updated or openssl should not be
  upgraded to 1.1.1 on 18.04 .

  Thank you!

  
  == erlang-p1-tls ==

  Looking at all upstream patches since 1.0.20 (current bionic) these
  are the useful ones:

  0002-Specify-accepted-Client-CAs-during-handshake.patch
  - quite small fixes Client CA negotiation

  0013-Update-cert-used-by-test-to-use-sha256-signature.patch
  - updates test cert to a stronger one

  0014-Add-no_tlsv1_3-option-parsing-from-openssl1.1.patch
  - tiny, andd "no_tlsv1_3" option

  0016-Improve-tests-to-make-them-work-with-openssl1.1.patch
  - testsuite fixes

  0022-Use-SSL_OP_NO_RENEGOTIATION-when-available.patch
  - needed to fix this bug, do not attempt renegotiation as that is no longer 
supported. Just ifdefs.

  
  There are also patches that add new apis, to rebuild cert caches, and query 
negotiated protocols, but meh.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/1832933/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to