On Thu, Mar 26, 2026 at 3:35 AM Philipp Klaus Krause <[email protected]> wrote: > > Package: libssl3t64 > Version: 3.6.0-2 > Severity: normal > X-Debbugs-Cc: [email protected], [email protected] > User: [email protected] > Usertags: ppc64 > > Dear Maintainer, > > about a week ago, I upgraded libssl3t64 on my ppc64 system to 3.6.1-3. This > resulted in failures (see below). After downgrading to 3.6.0-2, the failures > disappeared. An amd64 system on the same network was not affected (there > 3.6.1 works). > > Failure example: > > philipp@nemesis:/tmp$ curl --verbose https://www.google.com > * Host www.google.com:443 was resolved. > * IPv6: 2001:4860:482d:7700::, 2001:4860:4829:7700::, 2001:4860:4827:7700::, > 2001:4860:482c:7700::, 2001:4860:4828:7700::, 2001:4860:482a:7700::, > 2001:4860:482b:7700::, 2001:4860:4826:7700:: > * IPv4: 142.251.156.119, 142.251.154.119, 142.251.152.119, 142.251.150.119, > 142.251.155.119, 142.251.153.119, 142.251.157.119, 142.251.151.119 > * Trying [2001:4860:482d:7700::]:443... > * ALPN: curl offers h2,http/1.1 > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * SSL Trust Anchors: > * CAfile: /etc/ssl/certs/ca-certificates.crt > * CApath: /etc/ssl/certs > * TLSv1.3 (IN), TLS handshake, Server hello (2): > * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1): > * TLSv1.3 (OUT), TLS alert, bad record mac (532): > * TLS connect error: error:0A000119:SSL routines::decryption failed or bad > record mac > * closing connection #0 > curl: (35) TLS connect error: error:0A000119:SSL routines::decryption failed > or bad record mac > > -- System Information: > Debian Release: forky/sid > APT prefers unreleased > APT policy: (500, 'unreleased'), (500, 'unstable') > Architecture: ppc64 > > Kernel: Linux 6.19.8+deb14-powerpc64-64k (SMP w/176 CPU threads; PREEMPT) > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not > set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages libssl3t64 depends on: > ii libc6 2.42-13 > ii libzstd1 1.5.7+dfsg-3+b1 > ii openssl-provider-legacy 3.6.1-3 > ii zlib1g 1:1.3.dfsg+really1.3.1-3 > > libssl3t64 recommends no packages. > > libssl3t64 suggests no packages. > > -- no debconf information
Interesting... 3.6.1-3 looks Ok on ppc64 and ppc64el according to <https://packages.debian.org/sid/libssl3t64>. Out of morbid curiosity... Is there any particular reason you need openssl-provider-legacy? Is something holding you back from using the modern version of OpenSSL? Also see the OSSL_PROVIDER-LEGACY(7SSL) man page, <https://manpages.debian.org/testing/openssl/OSSL_PROVIDER-legacy.7ssl.en.html>. Jeff
