Bug#1006519: marked as done (openvpn: FTBFS with OpenSSL 3.0)

Debian Bug Tracking System Sun, 15 May 2022 06:06:19 -0700

Your message dated Sun, 15 May 2022 16:02:48 +0300
with message-id <20220515130248.GA27942@localhost>
and subject line Already fixed in 2.6.0~git20220510+dco-1 in experimental
has caused the Debian Bug report #1006519,
regarding openvpn: FTBFS with OpenSSL 3.0
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1006519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: openvpn
Version: 2.5.5-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0
control: forwarded -1

Your package is failing to build using OpenSSL 3.0 with the
following error:

| Testing cipher CHACHA20-POLY1305... OK
| Testing cipher SEED-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
|Testing cipher SM4-CBC... OK
| Testing cipher SM4-CFB... OK
| Testing cipher SM4-OFB... OK
| Testing cipher BF-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher CAST5-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (CAST5-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mit igate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher CAST5-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (CAST5-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mit igate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher CAST5-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (CAST5-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mit igate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher DES-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (DES-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher DES-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (DES-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher DES-CFB8... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (DES-CFB8) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Miti gate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher DES-EDE-CBC... OK
| Testing cipher DES-EDE-CFB... OK
| Testing cipher DES-EDE-OFB... OK
| Testing cipher DES-EDE3-CBC... OK
| Testing cipher DES-EDE3-CFB... OK
| Testing cipher DES-EDE3-CFB8... OK
| Testing cipher DES-EDE3-OFB... OK
| Testing cipher DES-OFB... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (DES-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher DESX-CBC... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (DESX-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Miti gate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher RC2-40-CBC... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (RC2-40-CBC) with block size 
less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mi tigate by 
using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher RC2-64-CBC... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (RC2-64-CBC) with block size 
less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mi tigate by 
using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher RC2-CBC... FAILED
|  2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (RC2-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher RC2-CFB... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (RC2-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher RC2-OFB... FAILED
| 2022-02-26 17:17:23 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:23 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:23 WARNING: INSECURE cipher (RC2-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitig ate by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:23 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:23 EVP cipher init #1
| 2022-02-26 17:17:23 Exiting due to fatal error
| Testing cipher none... OK
| Testing tls-crypt-v2 server key generation... OK
| Testing tls-crypt-v2 key generation (no metadata)... OK
| Testing tls-crypt-v2 key generation (max length metadata)... OK
| FAIL: t_lpback.sh
| The following test will take about two minutes.
| If the addresses are in use, this test will retry up to two times.
| PASS: t_cltsrv.sh
| no test_networking driver available. SKIPPING TEST.
| SKIP: t_net.sh
| ====================================================
| 1 of 2 tests failed
| (2 tests were not run)
| Please report to openvpn-us...@lists.sourceforge.net

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

--- End Message ---

--- Begin Message ---

Version: 2.6.0~git20220510+dco-1

openvpn (2.6.0~git20220510+dco-1) experimental; urgency=medium
...
  * Build against OpenSSL 3.0

 -- Bernhard Schmidt <be...@debian.org>  Fri, 13 May 2022 00:01:35 +0200

--- End Message ---

Bug#1006519: marked as done (openvpn: FTBFS with OpenSSL 3.0)

Reply via email to