** Description changed: Hello! After upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 openssl 1.1.1-1ubuntu2.1~18.04.2 on Ubuntu 18.04 server clients can't connect to ejabberd server: 2019-06-15 15:56:26.431 [warning] <0.858.0>@ejabberd_c2s:process_terminated:290 (tls|<0.858.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden - ejabberd version is 18.01-2 which is from Ubuntu 18.04. - As far as I know ejabberd can work with openssl 1.1.1 only from 18.09 + As far as I know ejabberd can work with openssl 1.1.1 only from 18.09 https://blog.process-one.net/ejabberd-18-09/ OpenSSL 1.1.1 support Either ejabberd in 18.04 should be updated or openssl should not be upgraded to 1.1.1 on 18.04 . Thank you! + + + == erlang-p1-tls == + + Looking at all upstream patches since 1.0.20 (current bionic) these are + the useful ones: + + 0002-Specify-accepted-Client-CAs-during-handshake.patch + - quite small fixes Client CA negotiation + + 0013-Update-cert-used-by-test-to-use-sha256-signature.patch + - updates test cert to a stronger one + + 0014-Add-no_tlsv1_3-option-parsing-from-openssl1.1.patch + - tiny, andd "no_tlsv1_3" option + + 0016-Improve-tests-to-make-them-work-with-openssl1.1.patch + - testsuite fixes + + 0022-Use-SSL_OP_NO_RENEGOTIATION-when-available.patch + - needed to fix this bug, do not attempt renegotiation as that is no longer supported. Just ifdefs. + + + There are also patches that add new apis, to rebuild cert caches, and query negotiated protocols, but meh.
** Also affects: openssl (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ejabberd (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: erlang-p1-tls (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: erlang-p1-tls (Ubuntu) Status: Confirmed => Fix Released ** No longer affects: openssl (Ubuntu Bionic) ** No longer affects: openssl (Ubuntu) ** No longer affects: ejabberd (Ubuntu Bionic) ** No longer affects: ejabberd (Ubuntu) ** Changed in: erlang-p1-tls (Ubuntu Bionic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832933 Title: upgrade to libssl1.1 1.1.1-1ubuntu2.1~18.04.2 breaks ejabbrd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/erlang-p1-tls/+bug/1832933/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs