[Bug 1256576] [NEW] Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2

[Jeffrey Walton]

Public bug reported:

The long term support version of Ubuntu 12.04 provides OpenSSL 1.0.0. A
wireshark trace shows the version of OpenSSL used by Ubuntu does not
support TLS 1.2. According to the change logs, TLS 1.2 support was added
14 March 2012. The change log can be found at
http://www.openssl.org/news/changelog.html, and the TLS additions can be
found under the heading "Changes between 1.0.0h and 1.0.1".

$ ldd /usr/lib/x86_64-linux-gnu/libssl.so
    linux-vdso.so.1 =>  (0x00007fffd9d84000)
    libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(0x00007f1e0691e000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1e0655e000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1e06359000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1e06142000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1e06f6d000)

***********

OpenSSL 1.0.1 is compatible with 1.0.0. From the OpenSSL FAQ
(http://www.openssl.org/support/faq.html):

8. How does the versioning scheme work?

After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
releases (e.g. 1.0.1a) can only contain bug and security fixes and no
new features. Minor releases change the last number (e.g. 1.0.2) and can
contain new features that retain binary compatibility. Changes to the
middle number are considered major releases and neither source nor
binary compatibility is guaranteed.

**********

By the way, its nearly impossible to file a bug report through the
launch pad. The maze that's been created is impossible to navigate, and
its worse than one of those phone menu systems. I had to look up the URL
to file at http://www.cryptopp.com/wiki/Talk:Linux. Great job to the
designers of the system. Its probably the same idiots who thought a
tablet manager was a great idea on the desktop..

** Affects: ubuntu
     Importance: Undecided
         Status: New


** Tags: 1.2 openssl tls

** Attachment added: "Wireshark trace of OpenSSL client using TLS 1.0 and 
above."
   
https://bugs.launchpad.net/bugs/1256576/+attachment/3920478/+files/ubuntu-12-wireshark.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1256576

Title:
  Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not
  support TLS 1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1256576/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs