There also is an issue with the openssl package in Lucid, which was worked
around with the postfix fix.
Adding openssl to this bug since it's better if we fix both.
** Also affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: postfix (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu Precise)
Status: New => Invalid
** Changed in: openssl (Ubuntu)
Status: New => Invalid
** Changed in: openssl (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: openssl (Ubuntu Lucid)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: postfix (Ubuntu Lucid)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843
Title:
ccs received early errors after openssl security update
Status in “openssl” package in Ubuntu:
Invalid
Status in “postfix” package in Ubuntu:
Fix Released
Status in “openssl” source package in Lucid:
Confirmed
Status in “postfix” source package in Lucid:
Invalid
Status in “openssl” source package in Precise:
Invalid
Status in “postfix” source package in Precise:
Fix Released
Bug description:
SRU request:
[Impact]
The CVE-2014-0224 update for openssl will now reject CCS messages when
they are received before encryption is negotiated. This has caused an
issue for certain sites attempting to send mail to Ubuntu 12.04
servers running postfix. It turns out there is an incompatibility
between postfix in Ubuntu 12.04 and openssl in 12.04 that mishandles
session ids. This was fixed in Postfix 2.10.2, and the minimal fix is
included in this debdiff.
[Test Case]
Server A = Ubuntu 10.04 with postfix configured to forward mail, ie:
relayhost = server b's FQDN
smtp_tls_security_level = encrypt
Server B = Ubuntu 12.04 with postfix configured to receive mail with
forced tls:
smtpd_tls_security_level = encrypt
Send more than one mail from Server A to Server B, and see if the following
error appears in mail.log:
warning: TLS library problem: 31807:error:14094085:SSL
routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:
[Regression potential]
This patch disables TLS session tickets, which is what later postfix versions
do. If this introduces a regression, it may cause TLS to ether fail completely,
or to break when resuming sessions.
Original description:
Postfix is causing a TLS error, when relaying mails with TLS encryption:
warning: TLS library problem: 31807:error:14094085:SSL
routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
