Ubuntu
openssl package

When forcing TLSv1.2, the cipher list is truncated

Bug #1376447 reported by Marc Deslauriers on 2014-10-01

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Invalid	Undecided	Unassigned
	Precise	Fix Released	Undecided	Marc Deslauriers

Bug Description

Back in 2012, enabling TLSv1.2 would break connecting to certain servers. This was worked around in two ways in Ubuntu 12.04 LTS:

- OPENSSL_MAX_TLS1_2_CIPHER_LENGTH was set to 50, so that the cipher list sent would be truncated and wouldn't cause failures when connecting to certain servers that couldn't handle > 256 bytes
- OPENSSL_NO_TLS1_2_CLIENT was set to disable TLSv1.2 for clients by default

Although TLSv1.2 is disabled by default for clients, if it is forced, the cipher list gets truncated.

This will cause the following issues:
- Important ciphers may get dropped
- Secure renegotiation breaks

Ubuntu 14.04 LTS shipped with TLSv1.2 turned on by default, and two years later a lot of problematic equipment has been replaced or upgraded.

Related branches

lp:ubuntu/precise-security/openssl

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-10-01:

This is brought to our attention here:

https://twitter.com/andreasdotorg/status/517328756365873152

Changed in openssl (Ubuntu):
status:	New → Invalid
Changed in openssl (Ubuntu Precise):
status:	New → Confirmed
assignee:	nobody → Marc Deslauriers (mdeslaur)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-02:

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.18

---------------
openssl (1.0.1-4ubuntu5.18) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: remove cipher length limitation that was set to
    work around problematic servers when using TLSv1.2 back in 2012.
    (LP: #1376447)
    - Although TLSv1.2 is disabled for clients by default, forcing it
      enabled would truncate the cipher list, possibly removing important
      ciphers, and was also breaking secure renegotiations.
    - debian/patches/tls12_workarounds.patch: remove
      OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.
-- Marc Deslauriers <email address hidden> Wed, 01 Oct 2014 16:15:14 -0400

Changed in openssl (Ubuntu Precise):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl package