[Pkg-openssl-devel] Bug#775502: Bug#775502: openssl: 1.0.1e-2+deb7u14 broke DTLS handshake with Chrome/Firefox
Kurt Roeckx
kurt at roeckx.be
Fri Jan 16 19:35:54 UTC 2015
On Fri, Jan 16, 2015 at 08:34:00PM +0100, Salvatore Bonaccorso wrote:
> Hi Kurt,
>
> On Fri, Jan 16, 2015 at 06:43:36PM +0100, Kurt Roeckx wrote:
> > On Fri, Jan 16, 2015 at 04:17:59PM +0300, Andrey Semashev wrote:
> > > Package: openssl
> > > Version: 1.0.1e-2+deb7u14
> > > Severity: important
> > >
> > > Dear Maintainer,
> > >
> > > I have an application which uses libwebrtc to communicate with third party WebRTC clients, which are mostly Chrome and Firefox browsers.
> > > libwebrtc used in my application is compiled with openssl support to implement DTLS encryption while Chrome and Firefox, I believe, use libnss.
> > >
> > > After the 1.0.1e-2+deb7u14 update my application fails to connect to the browsers. According to logs, DTLS handshake never completes and times out.
> > >
> > > Through experimenting I found out that the problem is with the patch for CVE-2014-3571 (0109-Fix-crash-in-dtls1_get_record-whilst-in-the-listen-s.patch).
> > > If I rebuild the package without that patch the application starts connecting again. It also works with 1.0.1e-2+deb7u13.
> >
> > There is an upstream bug report about the patch for CVE-2014-0206
> > breaking it. Are you sure it's the right patch?
> >
> > The fix for that issue was to use SSL_CTX_set_read_ahead() setting
> > it to 1. Can you check that fixes it for you?
>
> Just to avoid confusion, I guess it is CVE-2015-0206, since
> CVE-2014-0206 was for linux. Is it this bug you are refering to:
> https://rt.openssl.org/Ticket/Display.html?id=3657
Yes, I copied Matt's wrong year, and it's the correct ticket.
Kurt
More information about the Pkg-openssl-devel
mailing list