[Twisted-Python] TLS broken with twisted.words.protocols.jabber

I would like to propose that #3463 (http://twistedmatrix.com/trac/ticket/3463) be additionally committed to the 8.1 branch and any other branches that still get point releases. It is a pretty critical workaround which fixes the fact that recent OpenSSL libraries cannot connect to Java based services. This means that most of the packaged versions of Twisted cannot talk to Google Talk or any Tigase or Openfire XMPP servers. Since packagers are often reluctant to upgrade very far in a particular distribution, I would like to get bug fix releases out for Twisted 8.1, etc, so that we have some hope that this problem will go away as soon as possible. jack.

On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
I would like to propose that #3463 (http://twistedmatrix.com/trac/ticket/3463) be additionally committed to the 8.1 branch and any other branches that still get point releases. It is a pretty critical workaround which fixes the fact that recent OpenSSL libraries cannot connect to Java based services.
Why not request relevant distros to do an openssl bugfix and backport? It'd help more people than just twisted users.

On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
I would like to propose that #3463 (http://twistedmatrix.com/trac/ticket/3463) be additionally committed to the 8.1 branch and any other branches that still get point releases. It is a pretty critical workaround which fixes the fact that recent OpenSSL libraries cannot connect to Java based services.
Why not request relevant distros to do an openssl bugfix and backport? It'd help more people than just twisted users.
Because it is actually a bug in Java, not in OpenSSL. It is just that recent OpenSSL versions enable a feature (Session Tickets) that is standards-wise backwards compatible. Arguably, distributions could choose to not enable the feature by default, but that doesn't have my preference. This change adds a option to choose if the feature is used, and disables it by default because there is no further support in our SSL code for it and it immediately helps fix a problem that I don't think will be resolved server-side any time soon. -- Groetjes, ralphm

On 21 Nov, 08:00 pm, twisted@ralphm.ik.nu wrote:
On Fri, Nov 21, 2008 at 01:20:59PM -0500, Itamar Shtull-Trauring wrote:
On Thu, 2008-11-20 at 17:00 -0700, Jack Moffitt wrote:
I would like to propose that #3463 (http://twistedmatrix.com/trac/ticket/3463) be additionally committed to the 8.1 branch and any other branches that still get point releases. It is a pretty critical workaround which fixes the fact that recent OpenSSL libraries cannot connect to Java based services.
Why not request relevant distros to do an openssl bugfix and backport? It'd help more people than just twisted users.
Because it is actually a bug in Java, not in OpenSSL. It is just that recent OpenSSL versions enable a feature (Session Tickets) that is standards-wise backwards compatible. Arguably, distributions could choose to not enable the feature by default, but that doesn't have my preference.
This change adds a option to choose if the feature is used, and disables it by default because there is no further support in our SSL code for it and it immediately helps fix a problem that I don't think will be resolved server-side any time soon.
If the "fix" for Twisted is to just disable this feature by default, then it should remain disabled by default for everybody. Including it in the build so that people who want it can enable it is fine, but leaving it on by default for other libraries besides Twisted seems wrong. In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?

* glyph@divmod.com <glyph@divmod.com> [2008-11-22 02:57:41 -0000]:
In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?
Isn't this an upstream change?
OpenSSL CHANGES _______________
Changes between 0.9.8e and 0.9.8f [11 Oct 2007] [...] *) Add RFC4507 support to OpenSSL. This includes the corrections in RFC4507bis. The encrypted ticket format is an encrypted encoded SSL_SESSION structure, that way new session features are automatically supported.
If a client application caches session in an SSL_SESSION structure support is transparent because tickets are now stored in the encoded SSL_SESSION.
The SSL_CTX structure automatically generates keys for ticket protection in servers so again support should be possible with no application modification.
If a client or server wishes to disable RFC4507 support then the option SSL_OP_NO_TICKET can be set.
Add a TLS extension debugging callback to allow the contents of any client or server extensions to be examined.
This work was sponsored by Google. [Steve Henson]
I'll admit to lack of familiarity with OpenSSL, and this functionality in particular, so maybe I'm just confused. -- mithrandi, i Ainil en-Balandor, a faer Ambar

On 22 Nov, 09:05 am, mithrandi@mithrandi.net wrote:
* glyph@divmod.com <glyph@divmod.com> [2008-11-22 02:57:41 -0000]:
In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?
Isn't this an upstream change?
Hrm. I gleaned this from looking at some diffs to makefiles that were added to the debian package. My understanding was that the feature was disabled by default, though. Hardy, for example, already has a 'g' version of openssl as well, and the feature is not enabled there. My understanding is that upstream added the feature, but left it disabled by default, then debian turned it on in their build configuration.
OpenSSL CHANGES (...) This work was sponsored by Google. [Steve Henson]
That particular line was a little funny though.
I'll admit to lack of familiarity with OpenSSL, and this functionality in particular, so maybe I'm just confused.
Equally possible that I'm confused, though. I'm not 100% sure where the makefile that I'm loooking at diffs to came from.

* glyph@divmod.com <glyph@divmod.com> [2008-11-23 03:25:37 -0000]:
My understanding is that upstream added the feature, but left it disabled by default, then debian turned it on in their build configuration.
I guess maybe this is the problem, then: openssl (0.9.8g-7) unstable; urgency=low * Upload to unstable. -- Kurt Roeckx <kurt@roeckx.be> Wed, 13 Feb 2008 22:22:29 +0000 [...] openssl (0.9.8g-5) experimental; urgency=low * Enable tlsext. This changes the ABI, but should hopefully not cause any problems. (Closes: #462596) -- Kurt Roeckx <kurt@roeckx.be> Sat, 09 Feb 2008 13:32:49 +0100 #462596 is "openssl: Please include support for tls extensions / server name indication", which provides this motivation: Apache will probably start to support server name indication (SNI) in one of the next 2.2.x releases. To use it, TLS extension support needs to be compiled into openssl. This has been added to openssl 0.9.8f but is not activated by default.
OpenSSL CHANGES (...) This work was sponsored by Google. [Steve Henson]
That particular line was a little funny though.
Teehee :) -- mithrandi, i Ainil en-Balandor, a faer Ambar

* Tristan Seligmann <mithrandi@mithrandi.net> [2008-11-23 05:44:18 +0200]:
I guess maybe this is the problem, then:
I also noticed this:
openssl (0.9.8g-8) unstable; urgency=high
* Don't add extentions to ssl v3 connections. It breaks with some other software. (Closes: #471681)
-- Kurt Roeckx <kurt@roeckx.be> Sun, 23 Mar 2008 17:50:04 +0000
#471681 libssl0.9.8: XChat cannot connect to irc.mozilla.org:6697
When libssl0.9.8 0.9.8g-7 is installed xchat 2.8.2-1 (custom build with a ping timeout patch) and 2.8.4-2 fail to connect to irc.mozilla.org/6697 using SSL with the following message:
* Connection failed. Error: (336151568) error:14094410:SSL * routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[...]
I can reproduce your problem. It's the change between 0.9.8g-4 and 0.9.8g-5 that causes the problem that we didn't expect to break anything.
Tee hee.
[...]
So it seems that openssl is sending something different while I can't see a reason why it should be sending something different.
I guess he figured it out in the end, though. -- mithrandi, i Ainil en-Balandor, a faer Ambar

In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?
Nothing to do with Twisted, yet this means that all my users attempt to use my code will likely fail unless they recompile their distro's openssl or upgrade to the next version (if it gets fixed upstream in a next verison). This essentially makes my code useless to many, not to mention a pain in the ass for myself. You've already committed the fix to 8.2 and trunk. All I'm asking is for a bugfix release for 8.1 and possibily 8.0. I don't understand why we are arguing about whether the fix is correct when the question is whether to backport it; it is already accepted and committed. jack.

On 22 Nov, 06:02 pm, jack@chesspark.com wrote:
In other words, this really has nothing to do with Twisted, and everything to do with the fact that Debian should not be screwing around with OpenSSL. Have they already forgotten what happened last time?
Nothing to do with Twisted, yet this means that all my users attempt to use my code will likely fail unless they recompile their distro's openssl or upgrade to the next version (if it gets fixed upstream in a next verison).
Sorry, you seem to have misunderstood me. I'm not saying "let's not backport this fix". I'm saying that backporting the fix is a band-aid; the real issue is in the openssl package. Some effort should be devoted to fixing it there. Also, you could apply an equally band-aid solution to your own code immediately. It shouldn't interfere with the band-aid in Twisted.
This essentially makes my code useless to many, not to mention a pain in the ass for myself.
You're not the only one. The only reason that a zillion people haven't noticed this already is that pidgin uses nspr/nss to talk to gtalk, not openssl.
You've already committed the fix to 8.2 and trunk. All I'm asking is for a bugfix release for 8.1 and possibily 8.0. I don't understand why we are arguing about whether the fix is correct when the question is whether to backport it; it is already accepted and committed.
As far as I'm concerned this is entirely up to the discretion of the release manager, Christopher Armstrong. For my part I'm +0, unless doing a maintenance release will actually get Ubuntu to include the fixed 8.1 in an update, in which case I'm +1. And again, I'm not against it, but I don't see the point of backporting to 8.0; who will have both twisted 8.0 and a system affected by this issue?
participants (5)
-
glyph@divmod.com
-
Itamar Shtull-Trauring
-
Jack Moffitt
-
Ralph Meijer
-
Tristan Seligmann