← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

 

** Also affects: ssmtp (Ubuntu Artful)
   Importance: Undecided
       Status: Invalid

** Also affects: gnutls26 (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: ssmtp (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: gnutls26 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: ssmtp (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: gnutls26 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: ssmtp (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: gnutls26 (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Changed in: gnutls26 (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: gnutls26 (Ubuntu Xenial)
       Status: New => Invalid

** Changed in: gnutls26 (Ubuntu Zesty)
       Status: New => Invalid

** Changed in: gnutls26 (Ubuntu Artful)
       Status: New => Invalid

** Changed in: ssmtp (Ubuntu Trusty)
       Status: New => Invalid

** Changed in: ssmtp (Ubuntu Xenial)
       Status: New => Invalid

** No longer affects: ssmtp (Ubuntu)

** Changed in: ssmtp (Ubuntu Zesty)
       Status: New => Invalid

** Changed in: gnutls28 (Ubuntu Trusty)
       Status: New => Won't Fix

** Changed in: gnutls28 (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: gnutls28 (Ubuntu Zesty)
       Status: New => Confirmed

** Changed in: gnutls28 (Ubuntu Artful)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709193

Title:
  Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Status in gnutls26 package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Confirmed
Status in gnutls26 source package in Trusty:
  Confirmed
Status in gnutls28 source package in Trusty:
  Won't Fix
Status in ssmtp source package in Trusty:
  Invalid
Status in gnutls26 source package in Xenial:
  Invalid
Status in gnutls28 source package in Xenial:
  Confirmed
Status in ssmtp source package in Xenial:
  Invalid
Status in gnutls26 source package in Zesty:
  Invalid
Status in gnutls28 source package in Zesty:
  Confirmed
Status in ssmtp source package in Zesty:
  Invalid
Status in gnutls26 source package in Artful:
  Invalid
Status in gnutls28 source package in Artful:
  Confirmed
Status in ssmtp source package in Artful:
  Invalid
Status in gnutls28 package in Debian:
  Fix Released

Bug description:
  sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
  it. Here's a packet capture when ssmtp connects to
  smtp.sdeziel.info:587 that offers TLSv1.0 and higher:

  $ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
          Version: TLS 1.0 (0x0301)
          Handshake Protocol: Client Hello
              Version: TLS 1.0 (0x0301)
              Cipher Suites Length: 30
              Cipher Suites (15 suites)
                  Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                  Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
                  Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
                  Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                  Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
                  Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
                  Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                  Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
                  Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
                  Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

  I would expect ssmtp to use TLSv1.2 and a recent cipher like the
  openssl s_client is able to do:

  $ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
      Protocol  : TLSv1.2
      Cipher    : ECDHE-RSA-AES128-GCM-SHA256

  
  Additional information:

  $ lsb_release -rd
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04
  $ apt-cache policy ssmtp libgnutls-openssl27
  ssmtp:
    Installed: 2.64-8ubuntu1
    Candidate: 2.64-8ubuntu1
    Version table:
   *** 2.64-8ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
          100 /var/lib/dpkg/status
  libgnutls-openssl27:
    Installed: 3.4.10-4ubuntu1.3
    Candidate: 3.4.10-4ubuntu1.3
    Version table:
   *** 3.4.10-4ubuntu1.3 500
          500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       3.4.10-4ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
  ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
  Uname: Linux 4.4.0-89-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.10
  Architecture: amd64
  Date: Mon Aug  7 18:13:33 2017
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ssmtp
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssmtp.revaliases: [modified]
  mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+subscriptions