[Pkg-openssl-devel] Bug#604723: Bug#604723: libssl0.9.8: 0.9.8g-15+lenny9 breaks existing openvpn tunnel with cipher AES-128-CBC

Kurt Roeckx kurt at roeckx.be
Wed Nov 24 17:57:02 UTC 2010


reassign 604723 openvpn 2.1~rc11-1
thanks

On Wed, Nov 24, 2010 at 09:10:43AM +0100, Martin Burman wrote:
> >On Tue, Nov 23, 2010 at 08:58:02PM +0100, Martin Burman wrote:
> >>Package: libssl0.9.8
> >>Version: 0.9.8g-15+lenny6
> >>Severity: important
> >>
> >>After apply the latest patches my openvpn tunnel broke down.
> >>Downgrading to cipher 0.9.8g-15+lenny6 (my previous version) brought the tunnel up again.
> >>Openvpn did start ok, interface went up, logs stated "connected to peer" but the tunnel was non-functional.
> >>
> >>I have production state on this tunnel so I had lack of time in investigating underlying causes.
> >>If you provide me with your wishes I can do tests under controlled circumstances.
> >Do the logs indicate any kind of error message?
> >
> >Can you try exactly which version broke things?  Can you for
> >instance try if 0.9.8g-15+lenny8 still works?
> >
> >I've tried this with 0.9.8o-3 which has the same patch as
> >0.9.8g-15+lenny9, and it still works for me.
> >
> >I can also try this with a lenny based system, but I'm not going
> >to try this this late in the evening.

So I've used a server with 0.9.8g-15+lenny9 now and things work
perfectly for me.  I've also heard some others didn't have any
problems at all.

I'm going to reassign this to the openvpn package as I think
there is nothing wrong with openssl.

> dev tap

My setup uses dev tun instead.


Kurt






More information about the Pkg-openssl-devel mailing list