ubuntu-sdk-bugs team mailing list archive

Thread
Date

[Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3

To: ubuntu-sdk-bugs@xxxxxxxxxxxxxxxxxxx
From: Dmitry Shachnev <1981807@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Aug 2022 08:49:42 -0000
Reply-to: Bug 1981807 <1981807@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

I used your patch from comment #10 with only one minor change: for old
OpenSSL versions I replaced long with unsigned long to match the latest
version of upstream patch. But it doesn't matter for Ubuntu anyway.

I am attaching a debdiff for jammy-security and subscribing ~ubuntu-
security-sponsors.

** Patch added: "qtbase-opensource-src_5.15.3+dfsg-2ubuntu0.2.diff"
   https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5607636/+files/qtbase-opensource-src_5.15.3+dfsg-2ubuntu0.2.diff

** Also affects: qtbase-opensource-src (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: qtbase-opensource-src (Ubuntu Jammy)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807

Title:
  qt5-network openssl3 armhf does not support tls1.3

Status in qtbase-opensource-src package in Ubuntu:
  Fix Released
Status in qtbase-opensource-src source package in Jammy:
  Confirmed

Bug description:
  lsb_release
  Description:    Ubuntu 22.04 LTS
  Release:        22.04

  libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
  libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf

  the qt5 armhf version shipped with ubuntu jammy has a regression in
  tls1.3 support (simply missing in runtime).

  openssl supports tls1.3, so the underlying library works.
  x86_64 is obviously not affected
  the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3)

          QSslSocket* s = new QSslSocket();
          QSslConfiguration cfg = s->sslConfiguration();
          cfg.setProtocol(QSsl::TlsV1_3OrLater);
          s->setSslConfiguration(cfg);
          s->connectToHostEncrypted("tls13-enabled.server",443);
          s->waitForConnected();
          printf("%d\n",s->sessionProtocol());

  marking it as security since the most secure tls protocol is not used
  on some platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions