<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>
<blockquote type="cite">
<pre class="message">> how is a versioned break helping anything? The minimal key limit, hash
> and TLS version can be overriden via config file and this what is
> causing the problems from what I can tell. So either the remote side
> upgrades their things or the users enabled "lower security" mode.
> Is there anything that skipped my mind?
There are also bugs in packages that actually break because of the
TLS 1.3 changes, for instance not sending the SNI and trying to
connect to google. Having a Breaks might be useful for those.
</pre>
</blockquote>
It seems the "blockers" for this bug can be split into the
following categories.</p>
<p>Testsuite (either build-time or autopkgtest) failure (or hang),
unknown whether it's an issue in testsuite or actual code:<br>
907340: qtbase-opensource-src breaks purpose autopkgtest possibly
due to new openssl (not clear if this actually is openssl related
or just a coincidence)<br>
907339: qtbase-opensource-src breaks kdeconnect autopkgtest
possibly due to new openssl (not clear if this actually is openssl
related or just a coincidence)<br>
907118: error:141a318a:ssl routines:tls_process_ske_dhe:dh key too
small<br>
900152: nsca-ng: FTBFS against openssl 1.1.1<br>
900158: python3.5: FTBFS against openssl 1.1.1 (sid-only)<br>
</p>
<p>Testsuite failure that appears to be a testsuite-specific issue.<br>
900161: ruby-openssl: FTBFS against openssl 1.1.1 (sid-only, I
tried to fix this but failed)<br>
907028: ruby-openssl: autopkgtest needs update for new version of
openssl (sid-only, probably same issue as build-time testsuite
failure mentioned above)<br>
907135: boxbackup FTBFS with OpenSSL 1.1.1<br>
897651: u1db: FTBFS against openssl 1.1.1 (appears to be an
undersized key in tesuitsuite)<br>
<br>
<br>
Testsuite failure that appear to indicate an actual issue in the
real code:<br>
900160: ruby-eventmachine: FTBFS against openssl 1.1.1 (I tried to
fix this but failed)<br>
900156: puma: FTBFS against openssl 1.1.1 (sid-only, speculated
cause has apparently been fixed on the openssl side but i'm not
sure if the fix made it for 1.1.1 and the build still hangs
according to the reproducible builds service)<br>
898800: foolscap: FTBFS against openssl 1.1.1 <br>
907219: m2crypto: autopkgtest needs update for new version of
openssl <br>
897658: m2crypto: FTBFS against openssl 1.1.1<br>
907427: (kimap) openssl 1.1.1 breaks ssl tests<br>
907790: ruby2.5: FTBFS due to openssl 1.1.1<br>
907022: puma: autopkgtest times out after update of openssl
(presumablly the same as the build-time failure)<br>
900154: pion: FTBFS against openssl 1.1.1<br>
<br>
Server in stable that cannot be connected to by client in
unstable:<br>
907118: error:141a318a:ssl routines:tls_process_ske_dhe:dh key too
small<br>
<br>
Key generation script generates undersized keys:<br>
907528: synergy: low grade TLS certificate generation, now
unusable in unstable<br>
<br>
Websites on the internet using outdated crypto:<br>
907807: After upgrading to OpenSSL 1.1.1, many sites are
unreachable<br>
<br>
Non-web infrastructure using outdated crypto:<br>
907518: (wpasupplicant) New libssl1.1 1.1.1~~pre9-1 in unstable
breaks connecting to some wifi networks<br>
<br>
SNI related troubles:<br>
909545: SSL CERTIFICATE_VERIFY_FAILED when using gs (Google Cloud
Storage) backend.<br>
<br>
<br>
</p>
</body>
</html>