[Pkg-openssl-devel] Bug#775502: Bug#775502: openssl: 1.0.1e-2+deb7u14 broke DTLS handshake with Chrome/Firefox
Kurt Roeckx
kurt at roeckx.be
Fri Jan 16 17:43:36 UTC 2015
On Fri, Jan 16, 2015 at 04:17:59PM +0300, Andrey Semashev wrote:
> Package: openssl
> Version: 1.0.1e-2+deb7u14
> Severity: important
>
> Dear Maintainer,
>
> I have an application which uses libwebrtc to communicate with third party WebRTC clients, which are mostly Chrome and Firefox browsers.
> libwebrtc used in my application is compiled with openssl support to implement DTLS encryption while Chrome and Firefox, I believe, use libnss.
>
> After the 1.0.1e-2+deb7u14 update my application fails to connect to the browsers. According to logs, DTLS handshake never completes and times out.
>
> Through experimenting I found out that the problem is with the patch for CVE-2014-3571 (0109-Fix-crash-in-dtls1_get_record-whilst-in-the-listen-s.patch).
> If I rebuild the package without that patch the application starts connecting again. It also works with 1.0.1e-2+deb7u13.
There is an upstream bug report about the patch for CVE-2014-0206
breaking it. Are you sure it's the right patch?
The fix for that issue was to use SSL_CTX_set_read_ahead() setting
it to 1. Can you check that fixes it for you?
Kurt
More information about the Pkg-openssl-devel
mailing list