gsliepen / tinc

a VPN daemon
http://tinc-vpn.org/

connecting tinc 1.0.36/libssl3 to older nodes #414

Open donl opened 1 year ago

donl commented 1 year ago

Just following up from the discussion on the mailing list connecting tinc 1.0.36/libssl3 to older nodes and also here

Has anyone had any luck connecting the old and new systems?

This issue in openssl seemed a bit suspect.

After enabling legacy providers like this and even setting:

Digest = none
Cipher = none

in the host config files, still unable to get a libssl1 host and libssl3 host to connect to each other.

donl commented 1 year ago

Just a followup...

Installing libssl3 3.0.4-1ubuntu1 from kinetic solves the issue... (while also enabling the legacy providers)

FredrikWendt commented 1 year ago

Just linking things up:

adrien-n commented 9 months ago

Hi, I'm currently working on including a number of openssl patches in Ubuntu Jammy (i.e. 22.04) and the one here has the potential to break compatibility. It doesn't only affect decryption but also encryption. Two machines running Jammy should communicate successfully but after this patch is integrated (it's not guaranteed but I'm confident it will be), machines without the update and machines with the update will not be able to communicate together, just like machines without the update cannot communicate with machines with previous or subsequent openssl versions.

It's possible that you can improve the situation by explicitly setting the key length as mentioned by Tom Hughes on the report in openssl/openssl#18359

When coding to the library interface you can work around this by calling EVP_CIPHER_CTX_set_key_length after setting the cipher on the context and before setting the key to get the old behaviour.