Bug#912604: [Pkg-openssl-devel] Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

2018-11-01 Thread Antoine Sirinelli
On Thu, Nov 01, 2018 at 09:52:12PM +0100, Sebastian Andrzej Siewior wrote:
> |$ openssl x509 -in 912604.cert -text | grep Signature
> |Signature Algorithm: sha1WithRSAEncryption
> |Signature Algorithm: sha1WithRSAEncryption
> 
> The point is that your server certificate is signed with SHA1 while
> the minimum is SHA256. Please note that all publicly issued certificates
> are signed with SHA256 these days.

Thank you for your feedback. You are right. I do not know why I was
checking the CA certificate only and not the server one. The CA one is
signed with SHA256 while the server one is signed with SHA1.

> I would suggest a *note* in burp to notify users of burp which created
> self-signed certificates with pre-Buster machines that they might need
> to recreate their certificate if it is signed with SHA1. Thus
> reassigning to burp.


On Thu, Nov 01, 2018 at 10:17:18PM +0100, Kurt Roeckx wrote:
> As far as I know, the default in stretch should also use sha256,
> most likely those certificates are older.

The certificate was issued in 2016. It was therefore likely generated
with Jessie.

I have regenerated the server certificate and everything is working now.
Nevertheless, I believe this should be documented somewhere in the
Debian burp package that certificates generated under Jessie are likely
to be rejected under Buster.

Antoine




Bug#912604: [Pkg-openssl-devel] Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

2018-11-01 Thread Sebastian Andrzej Siewior
control: reassign -1 src:burp 

On 2018-11-01 18:56:30 [+0100], Antoine Sirinelli wrote:
> I have a setup with a burp backup server running with an up to date
> stretch distribution. The backup clients are running on either stretch
> or buster workstation. Since the recent update of libssl1.1 from version
> 1.1.0h-4 to 1.1.1-1 for the buster clients, the backups are now failing.
> 
> This can be easily debugged with openssl, the error is:
> 
> Verify return code: 68 (CA signature digest algorithm too weak)
> 
> It seems it is linked to the fact that libssl is now selecting the
> algorithm SHA512 instead of SHA256 for signing the digest. I have
> attached the detailed logs of the openssl s_client output.

nope:

|$ openssl x509 -in 912604.cert -text | grep Signature
|Signature Algorithm: sha1WithRSAEncryption
|Signature Algorithm: sha1WithRSAEncryption

The point is that your server certificate is signed with SHA1 while
the minimum is SHA256. Please note that all publicly issued certificates
are signed with SHA256 these days.

I would suggest a *note* in burp to notify users of burp which created
self-signed certificates with pre-Buster machines that they might need
to recreate their certificate if it is signed with SHA1. Thus
reassigning to burp.
I just tried the Buster version of burp and myClient.crt, myServer.crt
and CA_myCA.crt are signed with SHA256. I would assume that the script
does not set the signing method and the default is used which changed.

> This can be solved by degrading the cipher requirements in
> /etc/ssl/openssl.cnf:
> 
> -CipherString = DEFAULT@SECLEVEL=2
> +CipherString = DEFAULT@SECLEVEL=1
> 
> This new version is therefore including an incompatibility between
> stretch and buster.

libssl1.1's news file wrote a note and suggested to notify the remote
side instead of switching the defaults. This affects only users who
used self-signed certificates.

> Antoine

Sebastian
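The check behind "CA signature digest algorithm too weak", as an added example that is not part of this thread: it walks the outer DER structure of a certificate to read the signature algorithm OID, then applies the rule OpenSSL 1.1.1 uses (security bits of a signature are half the digest length; SECLEVEL=1 requires 80 bits, SECLEVEL=2 requires 112, per SSL_CTX_set_security_level(3)), which is why a sha1WithRSAEncryption certificate passes at SECLEVEL=1 and fails at SECLEVEL=2. The sample certificate bytes are constructed here with a dummy tbsCertificate, not taken from the bug.

```python
# OID -> (name, digest bits). Subset of common TLS signature algorithms.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", 128),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", 160),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", 256),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", 384),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", 512),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", 160),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", 256),
}
# Minimum security bits per SECLEVEL (SSL_CTX_set_security_level(3)).
SECLEVEL_BITS = {0: 0, 1: 80, 2: 112, 3: 128, 4: 192, 5: 256}

def der_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER TLV at buf[off]."""
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:                      # long-form length: next n bytes
        n, ln = ln & 0x7F, 0
        for b in buf[off:off + n]:
            ln = (ln << 8) | b
        off += n
    return tag, off, off + ln

def decode_oid(raw):
    """Dotted string from base-128 encoded OID content octets."""
    arcs, v = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    _, start, _ = der_tlv(cert_der, 0)             # outer SEQUENCE
    _, _, tbs_end = der_tlv(cert_der, start)       # skip tbsCertificate
    _, alg_start, _ = der_tlv(cert_der, tbs_end)   # AlgorithmIdentifier
    tag, oid_start, oid_end = der_tlv(cert_der, alg_start)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return decode_oid(cert_der[oid_start:oid_end])

def check_seclevel(cert_der, level):
    """(algorithm name, security bits, accepted at this SECLEVEL?)"""
    name, digest_bits = SIG_ALGS.get(signature_oid(cert_der), ("unknown", 0))
    secbits = digest_bits // 2                     # OpenSSL: half digest length
    return name, secbits, secbits >= SECLEVEL_BITS[level]

def der(tag, body):                                # short-form lengths only
    return bytes([tag, len(body)]) + body

def sample_cert(sig_oid):
    """Constructed stand-in: tbsCertificate replaced by a one-byte INTEGER."""
    tbs = der(0x30, der(0x02, b"\x02"))
    alg = der(0x30, der(0x06, sig_oid) + der(0x05, b""))
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))

SHA1_RSA = bytes.fromhex("2a864886f70d010105")     # 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
```

check_seclevel(sample_cert(SHA1_RSA), 2) reports 80 security bits and rejection, matching the SECLEVEL=2 failure in the report, while the same certificate is accepted at level 1.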