group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #15533
[Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer
** Also affects: ssmtp (Ubuntu Artful)
Importance: Undecided
Status: Invalid
** Also affects: gnutls26 (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: ssmtp (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: gnutls26 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: ssmtp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: gnutls26 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: ssmtp (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: gnutls26 (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Zesty)
Importance: Undecided
Status: New
** Changed in: gnutls26 (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: gnutls26 (Ubuntu Xenial)
Status: New => Invalid
** Changed in: gnutls26 (Ubuntu Zesty)
Status: New => Invalid
** Changed in: gnutls26 (Ubuntu Artful)
Status: New => Invalid
** Changed in: ssmtp (Ubuntu Trusty)
Status: New => Invalid
** Changed in: ssmtp (Ubuntu Xenial)
Status: New => Invalid
** No longer affects: ssmtp (Ubuntu)
** Changed in: ssmtp (Ubuntu Zesty)
Status: New => Invalid
** Changed in: gnutls28 (Ubuntu Trusty)
Status: New => Won't Fix
** Changed in: gnutls28 (Ubuntu Xenial)
Status: New => Confirmed
** Changed in: gnutls28 (Ubuntu Zesty)
Status: New => Confirmed
** Changed in: gnutls28 (Ubuntu Artful)
Status: New => Confirmed
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709193
Title:
Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer
Status in gnutls26 package in Ubuntu:
Invalid
Status in gnutls28 package in Ubuntu:
Confirmed
Status in gnutls26 source package in Trusty:
Confirmed
Status in gnutls28 source package in Trusty:
Won't Fix
Status in ssmtp source package in Trusty:
Invalid
Status in gnutls26 source package in Xenial:
Invalid
Status in gnutls28 source package in Xenial:
Confirmed
Status in ssmtp source package in Xenial:
Invalid
Status in gnutls26 source package in Zesty:
Invalid
Status in gnutls28 source package in Zesty:
Confirmed
Status in ssmtp source package in Zesty:
Invalid
Status in gnutls26 source package in Artful:
Invalid
Status in gnutls28 source package in Artful:
Confirmed
Status in ssmtp source package in Artful:
Invalid
Status in gnutls28 package in Debian:
Fix Released
Bug description:
sSMTP is limited to using TLSv1.0 and the "old" ciphers that come with
it. Here's a packet capture when ssmtp connects to
smtp.sdeziel.info:587 that offers TLSv1.0 and higher:
$ tshark -ta -Vr submission.pcap | sed -n '/^Frame 14:/,/^Frame 15:/ p' | grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
Version: TLS 1.0 (0x0301)
Handshake Protocol: Client Hello
Version: TLS 1.0 (0x0301)
Cipher Suites Length: 30
Cipher Suites (15 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
I would expect ssmtp to use TLSv1.2 and a recent cipher like the
openssl s_client is able to do:
$ echo | openssl s_client -connect smtp.sdeziel.info:587 -starttls smtp 2>/dev/null | grep -E '^[[:space:]]+(Protocol|Cipher)'
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Additional information:
$ lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04
$ apt-cache policy ssmtp libgnutls-openssl27
ssmtp:
Installed: 2.64-8ubuntu1
Candidate: 2.64-8ubuntu1
Version table:
*** 2.64-8ubuntu1 500
500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
libgnutls-openssl27:
Installed: 3.4.10-4ubuntu1.3
Candidate: 3.4.10-4ubuntu1.3
Version table:
*** 3.4.10-4ubuntu1.3 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
3.4.10-4ubuntu1 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ssmtp 2.64-8ubuntu1 [modified: etc/ssmtp/revaliases]
ProcVersionSignature: Ubuntu 4.4.0-89.112-generic 4.4.76
Uname: Linux 4.4.0-89-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.10
Architecture: amd64
Date: Mon Aug 7 18:13:33 2017
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ssmtp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.ssmtp.revaliases: [modified]
mtime.conffile..etc.ssmtp.revaliases: 2017-08-05T13:44:06.274302
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+subscriptions
