[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
This bug was fixed in the package qtbase-opensource-src - 5.15.3+dfsg-2ubuntu0.2 --- qtbase-opensource-src (5.15.3+dfsg-2ubuntu0.2) jammy; urgency=medium * Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3 (LP: #1981807). Thanks Michael Saxl! -- Dmitry Shachnev Wed, 10 Aug 2022 11:37:53 +0300 ** Changed in: qtbase-opensource-src (Ubuntu Jammy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Fix Released Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Marking as verified per comment #23. I also restarted the failed autopkgtest. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Fix Committed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Just tested the proposed version on two armhf systems. Both server and client mode now negotiate to tls1.3 if applicable. The other qt applications do still work. Of corse the test application in this thread also works (outputs 15) Package: libqt5network5 Version: 5.15.3+dfsg-2ubuntu0.2 Package: libssl3 Version: 3.0.2-0ubuntu1.6 So far I don't have any issues (also on amd64 I saw no regression, but as already noted in the binary there should be no difference on amd64 since sizeof(long) == sizeof(unint64_t) == sizeof(qossloptions)) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Fix Committed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
looking at the regression log, I see that it fails to launch jackd (exec of JACK server (command = "/usr/bin/jackd") failed: No such file or directory). Other platforms (amd64) do not have that log output. I suspect this is because drumkv1_jack was not started yet (and so the test is flaky). Essentially I do not see a connection between this change and this package failing. /usr/bin/drumkv1_jack does not even link to libQt5Network.so.5 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Fix Committed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Hello msaxl, or anyone else affected, Accepted qtbase-opensource-src into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qtbase-opensource- src/5.15.3+dfsg-2ubuntu0.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: qtbase-opensource-src (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Fix Committed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
In #ubuntu-security just now: 14:44 sarnold: please could we have a definitive nack if you don't want bug 1981807 in the security pocket? Looking at the previous IRC conversation, it looks like it was a "decision pending review". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Oops, forgot about that. Done. Also, ABI is not affected. We have symbols to track ABI, and there are no symbols changes for libqt5network5. ** Description changed: + [Impact] + + Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to + less secure protocols. + + [Test Plan] + + 1. Create test.cpp with the following contents: + + #include + #include + #include + #include + + int main(int argc, char **argv) { + QCoreApplication app(argc, argv); + QSslSocket s; + QSslConfiguration cfg = s.sslConfiguration(); + cfg.setProtocol(QSsl::TlsV1_3OrLater); + s.setSslConfiguration(cfg); + s.connectToHostEncrypted("www.ubuntu.com", 443); + s.waitForConnected(); + qDebug() << s.sessionProtocol(); + return 0; + } + + 2. Create test.pro with the following contents: + + CONFIG += debug warn_all + QT = core network + SOURCES = test.cpp + + 3. Install qtbase5-dev package. + + 4. Compile using `qmake && make`. + + 5. Run the generated ./test executable. It should print 15, not -1. + + [Where problems could occur] + + It is unlikely to cause issues on 64-bit platforms because long and + uint64_t are both 64 bits long. On armhf potential problems may be + related to availability of other protocols. + + [Original Description] + lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms ** Changed in: qtbase-opensource-src (Ubuntu Jammy) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: [Impact] Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols. [Test Plan] 1. Create test.cpp with the following contents: #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } 2. Create test.pro with the following contents: CONFIG += debug warn_all QT = core network SOURCES = test.cpp 3. Install qtbase5-dev package. 4. Compile using `qmake && make`. 5. Run the generated ./test executable. It should print 15, not -1. [Where problems could occur] It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols. [Original Description] lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to :
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
The patch looks reasonable (assuming that it doesn't change ABI, which seems to be the case). Could you be able to update the bug with the necessary SRU information (the https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template can help here)? Particularly, the [Test Plan] and [Where problems might occur] parts are important. You've got most of a test-plan there already (but we should have some tests of existing packages to check we don't have a regression and make sure ABI hasn't been broken). I can help there, but you probably have better insight into this code and where it might go wrong than me :). If you'd like help, give me a ping (RAOF in #ubuntu- release:libera.chat). ** Changed in: qtbase-opensource-src (Ubuntu Jammy) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Incomplete Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
A few days ago I asked on #ubuntu-security about it and was told that it's better to make a non-security SRU upload for it: https://irclogs.ubuntu.com/2022/08/22/%23ubuntu-security.html#t12:01 So I uploaded it, and now it's waiting in unapproved queue for a release team member review: https://launchpad.net/ubuntu/jammy/+queue?queue_state=1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
I have a version with the last attached patch in my ppa. This version works for me. Is there a change we get a SRU for this? Who would make that request? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
I was not able to test it on Ubuntu because I don't have armhf hardware, but I have just tested it on a Debian porterbox. The only difference between Debian bookworm and sid versions of Qt is presence of this patch. I used this test code and complied it with qmake && make. mitya57@harris:~/test$ cat test.pro CONFIG += debug warn_all QT = core network SOURCES = test.cpp mitya57@harris:~/test$ cat test.cpp #include #include #include #include int main(int argc, char **argv) { QCoreApplication app(argc, argv); QSslSocket s; QSslConfiguration cfg = s.sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s.setSslConfiguration(cfg); s.connectToHostEncrypted("www.ubuntu.com", 443); s.waitForConnected(); qDebug() << s.sessionProtocol(); return 0; } Without patch: (bookworm_armhf-dchroot)mitya57@harris:~/test$ ./test -1 With patch: (sid_armhf-dchroot)mitya57@harris:~/test$ ./test 15 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
I used your patch from comment #10 with only one minor change: for old OpenSSL versions I replaced long with unsigned long to match the latest version of upstream patch. But it doesn't matter for Ubuntu anyway. I am attaching a debdiff for jammy-security and subscribing ~ubuntu- security-sponsors. ** Patch added: "qtbase-opensource-src_5.15.3+dfsg-2ubuntu0.2.diff" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5607636/+files/qtbase-opensource-src_5.15.3+dfsg-2ubuntu0.2.diff ** Also affects: qtbase-opensource-src (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: qtbase-opensource-src (Ubuntu Jammy) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Jammy: Confirmed Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
This bug was fixed in the package qtbase-opensource-src - 5.15.4+dfsg-5 --- qtbase-opensource-src (5.15.4+dfsg-5) unstable; urgency=medium * Add a patch to update signature of SSL_CTX_set_options for OpenSSL 3 (LP: #1981807). Thanks Michael Saxl! -- Dmitry Shachnev Sun, 07 Aug 2022 16:56:40 +0300 ** Changed in: qtbase-opensource-src (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: Fix Released Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Thank you. I will be offline for a few days, so I will upload this next week. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
This is my suggested backport of the upstream patch. since, as you might know, the file locations changed a bit, lso the file defining the new datatype moved from qsslsocket_openssl_symbols_p.h to qsslsocket_openssl_p.h since it is required there (setupOpenSslOptions is defined there, but qsslsocket_openssl.cpp, which includes qsslsocket_openssl_p.h includes qsslsocket_openssl_symbols_p.h too late; this is done differently in qt6 where setupOpenSslOptions is in qsslcontext_openssl.cpp) ** Patch added: "openssl_set_options.diff" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5607054/+files/openssl_set_options.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Thank you. Once the patch is accepted upstream, I will backport it to Debian/Ubuntu packaging. In Ubuntu we don't care about older OpenSSL versions, but upstream Qt does care. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
@mitya57 the patch is now submitted to codereview. I am however only able to submit to the dev branch (took me a while to get this, never used gerrit before). This also means that the patch I submitted is for qt6. There is no way i send a codereview for qt5 anymore, so I don't know who will do the backport if the qt6 patch gets merged. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
just a side node on the findings while hunting down this issue in gdb: on armhf I think the calling convention is that integers are passed on registers. uint64 is not a (32bit) integer and since the value passed to SSL_CTX_set_options was not related in any way to the value passed in q_SSL_CTX_set_options I think uint64_t are expected to be on the stack. I cannot tell what value is in that place/where it came from, but it ALWAYS had bit29 set. Bit29 means disable tls1.3. I don't know if i686 has a similar calling convention, but if not and i686 being a little endian architecture, that systems are not affected by this (probably the most important platform being 32bit windows) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
https://bugreports.qt.io/browse/QTBUG-105041 this however has priority low. additionally openssl1.1 and openssl3 are not compatible in this case if libssl is loaded in runtime for 32bit this is only solvable if compiletime forces openssl version to 3 OR 1.1, but then the corresponding version MUST be loaded or someone implements a version check in runtime. Using the q_SSL_CTX_set_options funcion will not work in this case since the symbol is not unique -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
Thank you for the patch! Qt 6 still uses unsigned long: https://code.qt.io/cgit/qt/qtbase.git/tree/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp#n126 Can you please submit your patch to codereview.qt-project.org, or at least file a bug at bugreports.qt.io? We usually don't add patches that were not merged upstream. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
actually the first patch was missing something and did not compile ** Patch added: "openssl3_set_options.diff" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5603782/+files/openssl3_set_options.diff ** Patch removed: "openssl3_set_options.patch" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5603721/+files/openssl3_set_options.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
The attachment "openssl3_set_options.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
this should fix the issue this however requires openssl3.0, but that should be ok for ubuntu going forward ** Patch added: "openssl3_set_options.patch" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+attachment/5603721/+files/openssl3_set_options.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
i think I have a trace where the issue is: openssl3 openssl's options is a uint64_t, but in qsslsocket_openssl.cpp the method is defined as long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions) long on 64bit platforms is 64 bit long, but on armhf (32bit) it is 32bit. see https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html vs https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_options.html is this already fixed in qt6? the qt5.15 openssl3 is a ubuntu backport, right? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981807] Re: qt5-network openssl3 armhf does not support tls1.3
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1981807 Title: qt5-network openssl3 armhf does not support tls1.3 Status in qtbase-opensource-src package in Ubuntu: New Bug description: lsb_release Description:Ubuntu 22.04 LTS Release:22.04 libqt5network5/jammy,now 5.15.3+dfsg-2 armhf libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime). openssl supports tls1.3, so the underlying library works. x86_64 is obviously not affected the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3) QSslSocket* s = new QSslSocket(); QSslConfiguration cfg = s->sslConfiguration(); cfg.setProtocol(QSsl::TlsV1_3OrLater); s->setSslConfiguration(cfg); s->connectToHostEncrypted("tls13-enabled.server",443); s->waitForConnected(); printf("%d\n",s->sessionProtocol()); marking it as security since the most secure tls protocol is not used on some platforms To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp