[Pkg-openssl-devel] Bug#813468: boinc-client: Some https connections fail due to Debian Jessie openssl and ca-certificate interactions

Tim Small tim at seoss.co.uk
Tue Feb 2 20:15:03 UTC 2016 

Package: openssl
Version: 1.0.1k-3+deb8u2
Followup-For: Bug #813468

> On Tue, Feb 02, 2016 at 19:14:24 +0100, Kurt Roeckx wrote:
> > On Tue, Feb 02, 2016 at 03:04:41PM +0100, Christian Beer wrote:
> > Since it works in openssl 1.0.2 you can either upgrade the package in
> > Jessie to 1.0.2 (which is unlikely I think) or backport the fix for
> > 1.0.2 to 1.0.1 upstream (which is even more unlikely).

> This has already been fixed in the upstream 1.0.1 release of a
> year ago.

I reference a patch above which backports the code from 1.0.1p to to
the openssl version in Jessie.

https://gist.github.com/h-yamamo/adf44638a1a04b8e86ea

... although I haven't tested or reviewed it, (the code does at least
come from the same upstream OpenSSL release series).

It would seem that the best fix would be to pull this upstream code
into an upcoming Jessie point release, because as this gives the least
surprising / least broken behaviour, and is in-line the the behaviour of
most (all?) modern SSL/TLS implementations.  

Rolling back the changes in ca-certificates would be a second best, but
this will be somewhat detrimental to security (although breaking 1024
bit RSA is believed to be hard at the time of writing, there is of
source, no guarentee that it will continue to be considered hard next
week/month/year).

> On Tue, Feb 02, 2016 at 03:04:41PM +0100, Christian Beer wrote:
> I will also reference the workaround we advise to "downgrade" the
> ca-certificates package:
> https://einstein.phys.uwm.edu/forum_thread.php?id=11760&postid=151305

I think this is the worst solution from a security point of view, as it
would prevent systems from revoking known-compromised CA certificates,
should any become known (this has happened multiple times in the past)
and be rolled out in future Debian security updates.

It is also a system-wide change impacting the security of many other
pieces of software (including ones which aren't impacted by the openssl
bug, because they use different certificate chain verification code),
so until Debian has a fix for this, I think I'd prefer to advise
per-application workarounds, such as the one reference in the original
report.

Tim.

More information about the Pkg-openssl-devel mailing list