Bug 1284776 - [PATCH] TLS Protocols not supported
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: proxytunnel
Version: 23
Assigned To: Mykola Ulianytskyi
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-11-24 03:33 EST by Paul Howarth
Modified: 2016-04-13 03:24 EDT
Fixed In Version: proxytunnel-1.9.1-1.fc24 proxytunnel-1.9.1-1.fc23
Doc Type: Bug Fix
Last Closed: 2016-04-05 06:10:58 EDT
Type: Bug


Attachments
Patch against current git to update to 1.9.1 and add TLS support (2.80 KB, patch)
2015-11-24 03:33 EST, Paul Howarth

Description Paul Howarth 2015-11-24 03:33:47 EST
Created attachment 1098063
Patch against current git to update to 1.9.1 and add TLS support

The current version of proxytunnel (1.9.0) does not support TLS protocols and is therefore incompatible with default Fedora 23 servers such as httpd with mod_proxy_connect and mod_ssl, where the OpenSSL system profile disables older, less secure protocols such as SSLv2 and SSLv3. The result of this is that connection attempts to servers that have not explicitly re-enabled SSLv2 fail with a less than helpful error message:

$ ssh my-remote.example.com
SSL local to remote proxy enabled
Enter remote proxy password for user paul: 
Local proxy myproxy.example.com resolves to 10.120.34.200
Connected to myproxy.example.com:8080 (local proxy)

Tunneling to my-remote.example.com:443 (remote proxy)
Communication with local proxy:
 -> CONNECT my-remote.example.com:443 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
 <- HTTP/1.0 200 Connection established

Tunneling to my-remote.example.com:22 (destination)
Communication with remote proxy:
 -> CONNECT my-remote.example.com:22 HTTP/1.0
 -> Proxy-Authorization: Basic cGF2bDpzc3wcm94eTY3MTA=
 -> Proxy-Connection: Keep-Alive
 -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
error: Socket write error.
ssh_exchange_identification: Connection closed by remote host

There is a fix for this that has already been merged in upstream git:
https://github.com/proxytunnel/proxytunnel/pull/9

I have attached a patch against the proxytunnel package in Fedora git that updates it to the current upstream release 1.9.1, fixes the failure to build in Rawhide (#1239800), and adds the TLS-enabling patch from upstream. The resulting build works for me.

I am happy to co-maintain this package if you are busy at the moment.
Comment 1 Fedora Update System 2016-03-31 05:25:21 EDT
proxytunnel-1.9.1-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b17da9f49
Comment 2 Fedora Update System 2016-03-31 05:25:28 EDT
proxytunnel-1.9.1-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-26d783e326
Comment 3 Fedora Update System 2016-04-01 11:24:06 EDT
proxytunnel-1.9.1-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b17da9f49
Comment 4 Fedora Update System 2016-04-01 16:55:17 EDT
proxytunnel-1.9.1-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-26d783e326
Comment 5 Fedora Update System 2016-04-05 06:10:52 EDT
proxytunnel-1.9.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2016-04-13 03:24:13 EDT
proxytunnel-1.9.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.