*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
lsb_release
Description: Ubuntu 22.04 LTS
Release: 22.04
libqt5network5/jammy,now 5.15.3+dfsg-2 armhf
libssl3/jammy-updates,jammy-security,now 3.0.2-0ubuntu1.6 armhf
the qt5 armhf version shipped with ubuntu jammy has a regression in
tls1.3 support (simply missing in runtime).
openssl supports tls1.3, so the underlying library works.
x86_64 is obviously not affected
the short sample applications writes -1 on armhf, 15 on x86_64 (unknown
protocol vs tls1.3)
QSslSocket* s = new QSslSocket();
QSslConfiguration cfg = s->sslConfiguration();
cfg.setProtocol(QSsl::TlsV1_3OrLater);
s->setSslConfiguration(cfg);
s->connectToHostEncrypted("tls13-enabled.server",443);
s->waitForConnected();
printf("%d\n",s->sessionProtocol());
marking it as security since the most secure tls protocol is not used on
some platforms
** Affects: qtbase-opensource-src (Ubuntu)
Importance: Undecided
Status: New
--
qt5-network openssl3 armhf does not support tls1.3
https://bugs.launchpad.net/bugs/1981807
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
