[BPO] openssl/3.0.5-2ubuntu2 from kinetic
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssl (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
Humbly requesting backporting OpenSSL 3.0.5-2ubuntu2 from kinetic to jammy.
[Impact]
From the OpenSSL 3.0 migration guide:
(https:/
"Secure renegotiation is now required by default for TLS connections
Support for RFC 5746 secure renegotiation is now required by default for SSL or TLS connections to succeed. Applications that require the ability to connect to legacy peers will need to explicitly set SSL_OP_
------------
OpenSSL 3.0.2 doesn't allow you to enable UnsafeLegacySer
Users are recommending enabling UnsafeLegacyRen
When this is enabled, it makes OpenSSL 3 less secure than 1.1.1 (which is what the previous LTS, Focal, uses).
Backporting the newer OpenSSL 3.0.5 would allow users to enable UnsafeLegacyCon
[Scope]
Backport OpenSSL 3.0.5-2ubuntu2 from kinetic
Backport to jammy
[Other Info]
Other places where users are recommending enabling UnsafeLegacyRen
https:/
https:/
https:/
OpenSSL is one of those tricky things out there I would like to get a Security insight for before we do any kind of backporting of it. There are other things this could impact, backports or not.