Bug 1749068
Summary: | OpenSSL generates malformed status_request extension in CertificateRequest message in TLS 1.3 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Hubert Kario <hkario> |
Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED ERRATA | QA Contact: | Hubert Kario <hkario> |
Severity: | medium | Docs Contact: | Jan Fiala <jafiala> |
Priority: | medium | ||
Version: | 8.0 | CC: | elpereir, igkioka, mjahoda, pasik, tmraz |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.2 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openssl-1.1.1c-9.el8 | Doc Type: | Known Issue |
Doc Text: |
.OpenSSL generates a malformed `status_request` extension in the `CertificateRequest` message in TLS 1.3
OpenSSL servers send a malformed `status_request` extension in the `CertificateRequest` message if support for the `status_request` extension and client certificate-based authentication are enabled. In such case, OpenSSL does not interoperate with implementations compliant with the `RFC 8446` protocol. As a result, clients that properly verify extensions in the `CertificateRequest` message abort connections with the OpenSSL server.
To work around this problem, disable support for the TLS 1.3 protocol on either side of the connection or disable support for `status_request` on the OpenSSL server. This will prevent the server from sending malformed messages.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:51:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Hubert Kario
2019-09-04 19:31:12 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1840 FEDORA-EPEL-2020-ff94ccbdec has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report. |