[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
Just to confirm, on a fresh LXC Jammy container: root@rational-polliwog:~# dpkg -l openssl | tail -n 1 ii openssl3.0.2-0ubuntu1.4 amd64Secure Sockets Layer toolkit - cryptographic utility root@rational-polliwog:~# grep SECLEVEL /etc/ssl/openssl.cnf CipherString = DEFAULT:@SECLEVEL=2 root@rational-polliwog:~# openssl ciphers -v -s | wc -l 30 root@rational-polliwog:~# sed -i s/SECLEVEL=2/SECLEVEL=3/ /etc/ssl/openssl.cnf root@rational-polliwog:~# openssl ciphers -v -s | wc -l 24 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Released Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
I updated the ssl packages to 3.0.2-0ubuntu1.4, and confirmed the updated openssl.cnf with the new directives: --- ssl-orig/openssl.cnf2022-03-16 09:35:51.0 +0100 +++ ssl/openssl.cnf 2022-06-09 13:20:55.0 +0200 @@ -52,6 +52,7 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] providers = provider_sect +ssl_conf = ssl_sect # List of providers to load [provider_sect] @@ -388,3 +389,9 @@ oldcert = $insta::certout # insta.cert.p # Certificate revocation cmd = rr oldcert = $insta::certout # insta.cert.pem + +[ssl_sect] +system_default = system_default_sect + +[system_default_sect] +CipherString = DEFAULT:@SECLEVEL=2 ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Released Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
It looks like it failed to build... Any reason not to backport 3.0.3-5ubuntu2 from kinetic? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Released Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
Hello Oibaf, or anyone else affected, Accepted openssl into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Released Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
This bug was fixed in the package openssl - 3.0.3-5ubuntu2 --- openssl (3.0.3-5ubuntu2) kinetic; urgency=medium * d/p/Set-systemwide-default-settings-for-libssl-users: don't comment out the CipherString string to avoid an empty section. -- Simon Chopin Tue, 31 May 2022 13:02:15 +0200 ** Changed in: openssl (Ubuntu Kinetic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Fix Released Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Description changed: - openssl.cnf as provided misses some directive, which make it a bit - difficult to change security level, which since openssl 3 disables SHA1 - signatures. + [Impact] + + The OpenSSL 3.0 lead to a lot of broken setups. Some of them are + regressions, but others are simply broken due to the use of outdated + algorithms, such as SHA-1 signature on certificates. Changing the + security level is a common action to identify and work around such + cases, and as such the user should be able to change it easily in the + default config file. + + The fix is to partially revert our delta that ignored a Debian patch: + instead of ignoring the patch entirely, we modify it to only affect the + default configuration file, and in a way that matches our patchset. + Using this approach will allow us to pick up on Debian's changes more + easily during subsequent merges. + + [Test Plan] + + To easily check that the setting is taken into account, one can use + 'openssl ciphers -s' + + $ openssl ciphers -v -s | wc -l # Uses the default value + 30 + $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l + 30 + $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l + 24 + $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 + $ openssl ciphers -v -s | wc -l # Uses the new value from the config file + 24 + + [Where problems could occur] + + The changes could break the overall configuration of OpenSSL! + + [Origin report] + openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: Fix Released Bug description: [Impact] The OpenSSL 3.0 lead to a lot of broken setups. Some of them are regressions, but others are simply broken due to the use of outdated algorithms, such as SHA-1 signature on certificates. Changing the security level is a common action to identify and work around such cases, and as such the user should be able to change it easily in the default config file. The fix is to partially revert our delta that ignored a Debian patch: instead of ignoring the patch entirely, we modify it to only affect the default configuration file, and in a way that matches our patchset. Using this approach will allow us to pick up on Debian's changes more easily during subsequent merges. [Test Plan] To easily check that the setting is taken into account, one can use 'openssl ciphers -s' $ openssl ciphers -v -s | wc -l # Uses the default value 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=2' | wc -l 30 $ openssl ciphers -v -s 'DEFAULT:@SECLEVEL=3' | wc -l 24 $ vim /etc/ssl/openssl.cf # edit the config file to bump the seclevel to 3 $ openssl ciphers -v -s | wc -l # Uses the new value from the config file 24 [Where problems could occur] The changes could break the overall configuration of OpenSSL! [Origin report] openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Merge proposal linked: https://code.launchpad.net/~schopin/ubuntu/+source/openssl/+git/openssl/+merge/423153 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: Fix Released Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Tags added: fr-2369 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: Fix Released Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Also affects: openssl (Ubuntu Kinetic) Importance: Medium Status: Confirmed ** Also affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Jammy) Importance: Undecided => Medium ** Changed in: openssl (Ubuntu Jammy) Status: New => Confirmed ** Tags removed: rls-jj-incoming rls-kk-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: Fix Released Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Changed in: openssl (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl package in Debian: Fix Released Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Bug watch added: Debian Bug tracker #1010360 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010360 ** Also affects: openssl (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010360 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl package in Debian: Unknown Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Changed in: openssl (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Status in openssl package in Debian: Unknown Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
** Tags added: rls-kk-incoming ** Tags added: rls-jj-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972056] Re: [openssl3] please sync openssl.cnf to ease changing security level
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972056 Title: [openssl3] please sync openssl.cnf to ease changing security level Status in openssl package in Ubuntu: Confirmed Bug description: openssl.cnf as provided misses some directive, which make it a bit difficult to change security level, which since openssl 3 disables SHA1 signatures. See also this Debian bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=1010360 and the committed fix: https://salsa.debian.org/debian/openssl/-/commit/b507914c40270e32cde6afcc8af93707c225e7f4 Can you please sync this change in Ubuntu openssl? This way one should just add a single directive to change the security level. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1972056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
