On Wed, May 18, 2022 at 13:37:46 -0000, Simon Chopin wrote: > Could you give more details about what happens when using the legacy > providers?
The short version is that by enabling the legacy provider and setting SECLEVEL to 1, I'm able to get past the "digital envelope routines::unsupported" error during the tinc metadata channel setup... but the Jammy node still (just a step or two later in the negotiation process) reports a "Bogus data received from" error and then aborts the connection. The "Bogus data received from" error is a tinc error message, but as far as I can tell the likely trigger for that message is some sort of failure to decrypt incoming data by the OpenSSL library -- and since Focal, Impish and Jammy all have exactly the same tinc version, it would seem the issue is libssl3-related... but I am not sure precisely how.... You can find additional details in this tinc-mailing-list thread: https://www.tinc-vpn.org/pipermail/tinc/2022-May/005598.html (but so far the discussion there hasn't managed to narrow down the exact interaction between tinc and libssl that's causing the problem). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
