ubuntu-sdk-bugs team mailing list archive
-
ubuntu-sdk-bugs team
-
Mailing list archive
-
Message #08146
[Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
This bug was fixed in the package qtbase-opensource-src -
5.15.3+dfsg-2ubuntu0.2
---------------
qtbase-opensource-src (5.15.3+dfsg-2ubuntu0.2) jammy; urgency=medium
* Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3
(LP: #1981807). Thanks Michael Saxl!
-- Dmitry Shachnev <mitya57@xxxxxxxxxx> Wed, 10 Aug 2022 11:37:53
+0300
** Changed in: qtbase-opensource-src (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807
Title:
qt5-network openssl3 armhf does not support tls1.3
Status in qtbase-opensource-src package in Ubuntu:
Fix Released
Status in qtbase-opensource-src source package in Jammy:
Fix Released
Bug description:
[Impact]
Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to
less secure protocols.
[Test Plan]
1. Create test.cpp with the following contents:
#include <QtCore/QCoreApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QSslConfiguration>
#include <QtNetwork/QSslSocket>
int main(int argc, char **argv) {
QCoreApplication app(argc, argv);
QSslSocket s;
QSslConfiguration cfg = s.sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s.setSslConfiguration(cfg);
s.connectToHostEncrypted("www.ubuntu.com", 443);
s.waitForConnected();
qDebug() << s.sessionProtocol();
return 0;
}
2. Create test.pro with the following contents:
CONFIG += debug warn_all
QT = core network
SOURCES = test.cpp
3. Install qtbase5-dev package.
4. Compile using `qmake && make`.
5. Run the generated ./test executable. It should print 15, not -1.
[Where problems could occur]
It is unlikely to cause issues on 64-bit platforms because long and
uint64_t are both 64 bits long. On armhf potential problems may be
related to availability of other protocols.
[Original Description]
lsb_release
Description: Ubuntu 22.04 LTS
Release: 22.04
libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf
the qt5 armhf version shipped with ubuntu jammy has a regression in
tls1.3 support (simply missing in runtime).
openssl supports tls1.3, so the underlying library works.
x86_64 is obviously not affected
the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3)
QSslSocket* s = new QSslSocket();
QSslConfiguration cfg = s->sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s->setSslConfiguration(cfg);
s->connectToHostEncrypted("tls13-enabled.server",443);
s->waitForConnected();
printf("%d\n",s->sessionProtocol());
marking it as security since the most secure tls protocol is not used
on some platforms
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions