[Pkg-openssl-devel] Bug#912604: Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Thu Nov 1 20:52:12 GMT 2018


control: reassign -1 src:burp 

On 2018-11-01 18:56:30 [+0100], Antoine Sirinelli wrote:
> I have a setup with a burp backup server running with an up to date
> stretch distribution. The backup clients are running on either stretch
> or buster workstation. Since the recent update of libssl1.1 from version
> 1.1.0h-4 to 1.1.1-1 for the buster clients, the backups are now failing.
> 
> This can be easily debugged with openssl, the error is:
> 
> Verify return code: 68 (CA signature digest algorithm too weak)
> 
> It seems it is linked to the fact that libssl is now selecting the
> algorithm SHA512 instead of SHA256 for signing the digest. I have
> attached the detailed logs of the openssl s_client output.

nope:

|$ openssl x509 -in 912604.cert -text | grep Signature
|        Signature Algorithm: sha1WithRSAEncryption
|    Signature Algorithm: sha1WithRSAEncryption

The point is that your server certificate is signed with SHA1 while
the minimum is SHA256. Please note that all publicly issued certificates
are signed with SHA256 these days.

I would suggest a *note* in burp to notify users of burp who created
self-signed certificates with pre-Buster machines that they might need
to recreate their certificate if it is signed with SHA1. Thus
reassigning to burp.
I just tried the Buster version of burp and myClient.crt, myServer.crt
and CA_myCA.crt are signed with SHA256. I would assume that the script
does not set the signing method and the default is used which changed.

> This can be solved by degrading the cipher requirements in
> /etc/ssl/openssl.cnf:
> 
> -CipherString = DEFAULT at SECLEVEL=2
> +CipherString = DEFAULT at SECLEVEL=1
> 
> This new version is therefore including an incompatibility between
> stretch and buster.

libssl1.1's news file wrote a note and suggested to notify the remote
side instead of switching the defaults. This affects only users who
used self-signed certificates.

> Antoine

Sebastian
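The check Sebastian runs above (`openssl x509 -text | grep Signature`) can be scripted so that an admin can sweep a fleet of burp certificates for SHA1 signatures before upgrading clients, instead of lowering SECLEVEL. The following is an added example, not code from burp, Debian or this thread: it walks the outer DER structure of an X.509 certificate to pull out the signatureAlgorithm OID and compares the digest's security strength against the SECLEVEL floor (80 bits for level 1, 112 for level 2, so SHA1 passes level 1 but fails level 2, matching the behaviour reported in the bug). The certificates it checks in its demo are constructed stand-ins with a dummy tbsCertificate, and the bit values assigned to each digest are this example's approximation of OpenSSL's policy, not taken from OpenSSL's source.

```python
"""Report an X.509 certificate's signature algorithm and whether it meets an OpenSSL SECLEVEL.

Added example for the burp/SHA1 discussion; not part of burp or Debian's openssl package.
"""
import base64
import re
import sys

# Signature OIDs -> (OpenSSL name, approximate security bits of the digest). Assumed mapping.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", 64),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", 80),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", 128),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", 192),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", 256),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", 80),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", 128),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", 192),
    "1.2.840.10045.4.3.4": ("ecdsa-with-SHA512", 256),
}
# Minimum security bits per OpenSSL SECLEVEL (level 2 is Debian's default in openssl.cnf).
SECLEVEL_BITS = {0: 0, 1: 80, 2: 112, 3: 128, 4: 192, 5: 256}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Turn DER OID content bytes into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def load_der(data):
    """Accept PEM or raw DER bytes and return DER."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def signature_algorithm_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(body, 0)                 # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(body, pos)          # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier")
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected OID")
    return _decode_oid(oid)


def check_signature(der, seclevel=2):
    """Return (algorithm name, security bits, accepted at this SECLEVEL)."""
    oid = signature_algorithm_oid(der)
    name, bits = SIG_ALGS.get(oid, (oid, 0))      # unknown OID: treat as too weak
    return name, bits, bits >= SECLEVEL_BITS[seclevel]


# --- constructed test material (minimal DER encoder), not real certificates ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return bytes(out)


def constructed_cert(sig_oid):
    """Structurally a Certificate (dummy TBS, given signature OID, zero signature)."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + b"\x05\x00")   # NULL parameters
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" * 33))


if __name__ == "__main__":
    # Usage: python check_sig.py /etc/burp/ssl_cert-server.pem  (or any PEM/DER certificate)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            name, bits, ok = check_signature(load_der(f.read()))
        print(f"{sys.argv[1]}: {name} ({bits} bits) {'OK' if ok else 'TOO WEAK'} at SECLEVEL=2")
    else:
        for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
            print(check_signature(constructed_cert(oid)), check_signature(constructed_cert(oid), 1))
```

Run it against a real file with `python check_sig.py CA_myCA.crt`; run it with no argument to see the constructed SHA1 and SHA256 cases at SECLEVEL 2 and 1. The parser only reads the outer signatureAlgorithm, which is enough for this check but is not a general certificate parser; for anything beyond the signature algorithm, use `openssl x509 -text` as in the message above.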