Oops, forgot about that. Done.
Also, ABI is not affected. We have symbols to track ABI, and there are
no symbols changes for libqt5network5.
** Description changed:
+ [Impact]
+
+ Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to
+ less secure protocols.
+
+ [Test Plan]
+
+ 1. Create test.cpp with the following contents:
+
+ #include <QtCore/QCoreApplication>
+ #include <QtCore/QDebug>
+ #include <QtNetwork/QSslConfiguration>
+ #include <QtNetwork/QSslSocket>
+
+ int main(int argc, char **argv) {
+ QCoreApplication app(argc, argv);
+ QSslSocket s;
+ QSslConfiguration cfg = s.sslConfiguration();
+ cfg.setProtocol(QSsl::TlsV1_3OrLater);
+ s.setSslConfiguration(cfg);
+ s.connectToHostEncrypted("www.ubuntu.com", 443);
+ s.waitForConnected();
+ qDebug() << s.sessionProtocol();
+ return 0;
+ }
+
+ 2. Create test.pro with the following contents:
+
+ CONFIG += debug warn_all
+ QT = core network
+ SOURCES = test.cpp
+
+ 3. Install qtbase5-dev package.
+
+ 4. Compile using `qmake && make`.
+
+ 5. Run the generated ./test executable. It should print 15, not -1.
+
+ [Where problems could occur]
+
+ It is unlikely to cause issues on 64-bit platforms because long and
+ uint64_t are both 64 bits long. On armhf potential problems may be
+ related to availability of other protocols.
+
+ [Original Description]
+
lsb_release
Description: Ubuntu 22.04 LTS
Release: 22.04
libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf
the qt5 armhf version shipped with ubuntu jammy has a regression in
tls1.3 support (simply missing in runtime).
openssl supports tls1.3, so the underlying library works.
x86_64 is obviously not affected
the short sample applications writes -1 on armhf, 15 on x86_64 (unknown
protocol vs tls1.3)
QSslSocket* s = new QSslSocket();
QSslConfiguration cfg = s->sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s->setSslConfiguration(cfg);
s->connectToHostEncrypted("tls13-enabled.server",443);
s->waitForConnected();
printf("%d\n",s->sessionProtocol());
marking it as security since the most secure tls protocol is not used on
some platforms
** Changed in: qtbase-opensource-src (Ubuntu Jammy)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1981807
Title:
qt5-network openssl3 armhf does not support tls1.3
Status in qtbase-opensource-src package in Ubuntu:
Fix Released
Status in qtbase-opensource-src source package in Jammy:
Confirmed
Bug description:
[Impact]
Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to
less secure protocols.
[Test Plan]
1. Create test.cpp with the following contents:
#include <QtCore/QCoreApplication>
#include <QtCore/QDebug>
#include <QtNetwork/QSslConfiguration>
#include <QtNetwork/QSslSocket>
int main(int argc, char **argv) {
QCoreApplication app(argc, argv);
QSslSocket s;
QSslConfiguration cfg = s.sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s.setSslConfiguration(cfg);
s.connectToHostEncrypted("www.ubuntu.com", 443);
s.waitForConnected();
qDebug() << s.sessionProtocol();
return 0;
}
2. Create test.pro with the following contents:
CONFIG += debug warn_all
QT = core network
SOURCES = test.cpp
3. Install qtbase5-dev package.
4. Compile using `qmake && make`.
5. Run the generated ./test executable. It should print 15, not -1.
[Where problems could occur]
It is unlikely to cause issues on 64-bit platforms because long and
uint64_t are both 64 bits long. On armhf potential problems may be
related to availability of other protocols.
[Original Description]
lsb_release
Description: Ubuntu 22.04 LTS
Release: 22.04
libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf
the qt5 armhf version shipped with ubuntu jammy has a regression in
tls1.3 support (simply missing in runtime).
openssl supports tls1.3, so the underlying library works.
x86_64 is obviously not affected
the short sample applications writes -1 on armhf, 15 on x86_64 (unknown
protocol vs tls1.3)
QSslSocket* s = new QSslSocket();
QSslConfiguration cfg = s->sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s->setSslConfiguration(cfg);
s->connectToHostEncrypted("tls13-enabled.server",443);
s->waitForConnected();
printf("%d\n",s->sessionProtocol());
marking it as security since the most secure tls protocol is not used
on some platforms
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1981807/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
