Public bug reported:

ejabberd 18.01-2 on Bionic.

Bad: openssl/libssl1.1 1.1.1-1ubuntu2.1~18.04.4
Good: openssl/libssl1.1 1.1.0g-2ubuntu4.3

This hit the Bionic security pocket yesterday, so everyone who uses unattended-upgrades for security only (which is the default) will have received this overnight.

Workaround: downgrade openssl/libssl1.1 to 1.1.0g-2ubuntu4.3 using old builds that are available from https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3 (follow the architecture link, e.g. "amd64")

The error logged by ejabberd is:

  2019-08-21 06:52:28.402 [warning] <0.539.0>@ejabberd_c2s:process_terminated:290 (tls|<0.539.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden

** Affects: ejabberd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: ejabberd (Ubuntu Bionic)
     Importance: Critical
         Status: New

** Affects: openssl (Ubuntu Bionic)
     Importance: Critical
         Status: New

** Tags: regression-update

** Also affects: ejabberd (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: ejabberd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: ejabberd (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: openssl (Ubuntu Bionic)
   Importance: Undecided => Critical

--
https://bugs.launchpad.net/bugs/1840902

Title:
  ejabberd fails incoming connections with "Failed to secure c2s connection: TLS failed: client renegotiations forbidden"

Status in ejabberd package in Ubuntu: New
Status in openssl package in Ubuntu: New
Status in ejabberd source package in Bionic: New
Status in openssl source package in Bionic: New
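
A triage helper for the report above, added here and not part of the original bug report: it classifies the installed libssl1.1 version against the two versions the report names and counts the logged renegotiation failures. Only the version strings and the error message come from the report; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example. Version strings and the log message come from the bug report;
# function names and the sample log are constructed for illustration.
BAD_LIBSSL='1.1.1-1ubuntu2.1~18.04.4'
GOOD_LIBSSL='1.1.0g-2ubuntu4.3'
RENEG_MSG='Failed to secure c2s connection: TLS failed: client renegotiations forbidden'

# Classify a libssl1.1 package version against the two versions in the report.
classify_libssl() {
    case "$1" in
        "$BAD_LIBSSL")  echo bad ;;
        "$GOOD_LIBSSL") echo good ;;
        *)              echo unknown ;;
    esac
}

# Installed libssl1.1 version, or empty if the package or dpkg is absent.
installed_libssl() {
    dpkg-query -W -f='${Version}' libssl1.1 2>/dev/null || true
}

# Number of log lines carrying the renegotiation failure (fixed-string match).
count_reneg_failures() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF -- "$RENEG_MSG" "$1" || true
}

# Date and time of the first such failure, to compare with the upgrade time.
first_reneg_failure() {
    awk -v m="$RENEG_MSG" 'index($0, m) { print $1, $2; exit }' "$1"
}

# Constructed sample log: one unrelated line, then two failures.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2019-08-21 06:40:01.118 [info] constructed unrelated line
2019-08-21 06:52:28.402 [warning] <0.539.0>@ejabberd_c2s:process_terminated:290 (tls|<0.539.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden
2019-08-21 06:53:02.771 [warning] <0.541.0>@ejabberd_c2s:process_terminated:290 (tls|<0.541.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden
EOF

echo "libssl1.1 installed: $(installed_libssl) ($(classify_libssl "$(installed_libssl)"))"
echo "failures in sample log: $(count_reneg_failures "$SAMPLE_LOG"), first at $(first_reneg_failure "$SAMPLE_LOG")"
```

On a real host, pass the path of the ejabberd log to count_reneg_failures and first_reneg_failure in place of the sample file.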