bugzilla-daemon at mindrot.org
2024-Nov-21 02:39 UTC
[Bug 3756] New: ssh connection breaks after openssl is upgraded
https://bugzilla.mindrot.org/show_bug.cgi?id=3756
Bug ID: 3756
Summary: ssh connection breaks after openssl is upgraded
Product: Portable OpenSSH
Version: 8.7p1
Hardware: 68k
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: gtapase at ddn.com
On an el9.3 system, when openssl is upgraded from version
3.0.7-25.el9_3.x86_64 to 3.2.2-6.el9_5, it breaks ssh connection with
sshd[39580]: OpenSSL version mismatch. Built against 30000070, you have 30200020
This causes the system to be unavailable for ssh connections.
kex_exchange_identification: read: Connection reset by peer
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-03 12:27 UTC
[Bug 3756] ssh connection breaks after openssl is upgraded
https://bugzilla.mindrot.org/show_bug.cgi?id=3756
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |dtucker at dtucker.net
Resolution|--- |FIXED
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
OpenSSL changed their binary compatibility policy between 1.1 and 3.x
series, but we didn't notice that for a while.
We updated our compat checking code in
https://github.com/openssh/openssh-portable/commit/b7afd8a4ecaca8afd3179b55e9db79c0ff210237
which was first in the 9.4p1 release. You're using a version older
than that, which incorrectly applies the 1.1.x policy to the 3.x
series.
If you are using a vendor-supplied OpenSSH binary, you'll need to talk
to them about backporting and/or rebuilding. If you're using a binary
you built yourself, you'll need to either rebuild, backport the patch
and rebuild, or update to a newer version and rebuild. There's nothing
that we can do that we have not already done.
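The policy difference described in comment #1, as an added sketch in C (not code from OpenSSH or from this thread). The function names are hypothetical, the masks assume OpenSSL's OPENSSL_VERSION_NUMBER layout, and the two version words in main() are the ones from the reporter's log line.

```c
#include <stdio.h>

/* 1.x-style policy: major, minor and status nibbles must match, and the
 * library's fix level must be equal to or newer than the header's. */
static int policy_1x(unsigned long headerver, unsigned long libver)
{
    unsigned long mask = 0xfff0000fUL;                 /* major, minor, status */
    unsigned long hfix = (headerver & 0x000ff000UL) >> 12;
    unsigned long lfix = (libver & 0x000ff000UL) >> 12;

    return (headerver & mask) == (libver & mask) && lfix >= hfix;
}

/* 3.x-style policy: only the major and status nibbles must match. */
static int policy_3x(unsigned long headerver, unsigned long libver)
{
    unsigned long mask = 0xf000000fUL;                 /* major, status */

    return (headerver & mask) == (libver & mask);
}

/* Behaviour the comment attributes to releases older than 9.4p1:
 * the 1.1.x policy is applied to every version, including 3.x. */
int compat_before_fix(unsigned long headerver, unsigned long libver)
{
    if (headerver == libver)
        return 1;                                      /* exact match is always fine */
    return policy_1x(headerver, libver);
}

/* Behaviour after the compat check was updated: 3.x gets its own policy. */
int compat_after_fix(unsigned long headerver, unsigned long libver)
{
    if (headerver == libver)
        return 1;
    if (headerver >= 0x30000000UL)
        return policy_3x(headerver, libver);
    return policy_1x(headerver, libver);
}

int main(void)
{
    unsigned long built = 0x30000070UL, have = 0x30200020UL; /* from the log line */

    printf("before fix: %s\n", compat_before_fix(built, have) ? "ok" : "mismatch");
    printf("after fix:  %s\n", compat_after_fix(built, have) ? "ok" : "mismatch");
    return 0;
}
```

With the old check, any minor-version bump of a 3.x libcrypto under an already-built sshd is reported as a mismatch, so an OpenSSL package update on such a host should be paired with a rebuilt or patched OpenSSH before sshd is restarted.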