ubuntu-sdk-bugs team mailing list archive

Thread
Date
[Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3

To: ubuntu-sdk-bugs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1981807@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Sep 2022 14:07:02 -0000
Reply-to: Bug 1981807 <1981807@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
This bug was fixed in the package qtbase-opensource-src -
5.15.3+dfsg-2ubuntu0.2

---------------
qtbase-opensource-src (5.15.3+dfsg-2ubuntu0.2) jammy; urgency=medium

  * Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3
    (LP: #1981807). Thanks Michael Saxl!

 -- Dmitry Shachnev <mitya57@xxxxxxxxxx>  Wed, 10 Aug 2022 11:37:53
+0300

** Changed in: qtbase-opensource-src (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807

Title:
  qt5-network openssl3 armhf does not support tls1.3

Status in qtbase-opensource-src package in Ubuntu:
  Fix Released
Status in qtbase-opensource-src source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to
  less secure protocols.

  [Test Plan]

  1. Create test.cpp with the following contents:

  #include <QtCore/QCoreApplication>
  #include <QtCore/QDebug>
  #include <QtNetwork/QSslConfiguration>
  #include <QtNetwork/QSslSocket>

  int main(int argc, char **argv) {
      QCoreApplication app(argc, argv);
      QSslSocket s;
      QSslConfiguration cfg = s.sslConfiguration();
      cfg.setProtocol(QSsl::TlsV1_3OrLater);
      s.setSslConfiguration(cfg);
      s.connectToHostEncrypted("www.ubuntu.com", 443);
      s.waitForConnected();
      qDebug() << s.sessionProtocol();
      return 0;
  }

  2. Create test.pro with the following contents:

  CONFIG += debug warn_all
  QT = core network
  SOURCES = test.cpp

  3. Install qtbase5-dev package.

  4. Compile using `qmake && make`.

  5. Run the generated ./test executable. It should print 15, not -1.

  [Where problems could occur]

  It is unlikely to cause issues on 64-bit platforms because long and
  uint64_t are both 64 bits long. On armhf potential problems may be
  related to availability of other protocols.

  [Original Description]

  lsb_release
  Description:    Ubuntu 22.04 LTS
  Release:        22.04

  libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
  libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf

  the qt5 armhf version shipped with ubuntu jammy has a regression in
  tls1.3 support (simply missing in runtime).

  openssl supports tls1.3, so the underlying library works.
  x86_64 is obviously not affected
  the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3)

          QSslSocket* s = new QSslSocket();
          QSslConfiguration cfg = s->sslConfiguration();
          cfg.setProtocol(QSsl::TlsV1_3OrLater);
          s->setSslConfiguration(cfg);
          s->connectToHostEncrypted("tls13-enabled.server",443);
          s->waitForConnected();
          printf("%d\n",s->sessionProtocol());

  marking it as security since the most secure tls protocol is not used
  on some platforms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions