[Pkg-openssl-devel] Bug#907015: openssl version 1.1.1 breaks multiple reverse dependencies; versioned Breaks needed

peter green plugwash at p10link.net
Thu Oct 4 16:16:43 BST 2018


> > how is a versioned break helping anything? The minimal key limit, hash
> > and TLS version can be overridden via config file and this is what is
> > causing the problems from what I can tell. So either the remote side
> > upgrades their things or the users enabled "lower security" mode.
> > Is there anything that skipped my mind?
>
> There are also bugs in packages that actually break because of the
> TLS 1.3 changes, for instance not sending the SNI and trying to
> connect to google. Having a Breaks might be useful for those.

It seems the "blockers" for this bug can be split into the following categories.

Testsuite (either build-time or autopkgtest) failure (or hang), unknown whether it's an issue in testsuite or actual code:
907340: qtbase-opensource-src breaks purpose autopkgtest possibly due to new openssl (not clear if this actually is openssl related or just a coincidence)
907339: qtbase-opensource-src breaks kdeconnect autopkgtest possibly due to new openssl (not clear if this actually is openssl related or just a coincidence)
907118: error:141a318a:ssl routines:tls_process_ske_dhe:dh key too small
900152: nsca-ng: FTBFS against openssl 1.1.1
900158: python3.5: FTBFS against openssl 1.1.1 (sid-only)

Testsuite failure that appears to be a testsuite-specific issue:
900161: ruby-openssl: FTBFS against openssl 1.1.1 (sid-only, I tried to fix this but failed)
907028: ruby-openssl: autopkgtest needs update for new version of openssl (sid-only, probably same issue as build-time testsuite failure mentioned above)
907135: boxbackup FTBFS with OpenSSL 1.1.1
897651: u1db: FTBFS against openssl 1.1.1 (appears to be an undersized key in testsuite)


Testsuite failures that appear to indicate an actual issue in the real code:
900160: ruby-eventmachine: FTBFS against openssl 1.1.1 (I tried to fix this but failed)
900156: puma: FTBFS against openssl 1.1.1 (sid-only, speculated cause has apparently been fixed on the openssl side but I'm not sure if the fix made it for 1.1.1 and the build still hangs according to the reproducible builds service)
898800: foolscap: FTBFS against openssl 1.1.1
907219: m2crypto: autopkgtest needs update for new version of openssl
897658: m2crypto: FTBFS against openssl 1.1.1
907427: (kimap) openssl 1.1.1 breaks ssl tests
907790: ruby2.5: FTBFS due to openssl 1.1.1
907022: puma: autopkgtest times out after update of openssl (presumably the same as the build-time failure)
900154: pion: FTBFS against openssl 1.1.1

Server in stable that cannot be connected to by client in unstable:
907118: error:141a318a:ssl routines:tls_process_ske_dhe:dh key too small

Key generation script generates undersized keys:
907528: synergy: low grade TLS certificate generation, now unusable in unstable

Websites on the internet using outdated crypto:
907807: After upgrading to OpenSSL 1.1.1, many sites are unreachable

Non-web infrastructure using outdated crypto:
907518: (wpasupplicant) New libssl1.1 1.1.1~~pre9-1 in unstable breaks connecting to some wifi networks

SNI related troubles:
909545: SSL CERTIFICATE_VERIFY_FAILED when using gs (Google Cloud Storage) backend.

