#1011335 libssl3: using SSL is not possible in Kmail with the update to OpenSSL3

Package:
libssl3
Source:
openssl
Description:
Secure Sockets Layer toolkit - shared libraries
Submitter:
merlin
Date:
2022-06-14 07:24:02 UTC
Severity:
important
#1011335#5
Date:
2022-05-20 09:31:47 UTC
From:
To:
Dear Maintainer,

On my computer the system installed is a Debian Sid AMD64 and I use Kmail to
receive or send messages, for 4 days I could not receive or send messages using
Kmail.
When sending a message I had and I have the following error: transport
interrupted TLS initialization failed.
When receiving messages from Yahoo or Free mailboxes I have the error:
unable to connect to server pop.xxxx the server immediately terminated the
connection.
After research the problem seems to come from SSL and precisely SSL in Debian
SID is migrating to SSL3.

#1011335#10
Date:
2022-05-20 17:20:52 UTC
From:
To:
Hi,

There is a similar report in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011138 where the
issue went away after uninstalling libssl-dev

Before you do this, could you run

dpkg -l | grep ssl

and append the output to this bugreport?

Bernhard

#1011335#15
Date:
2022-05-20 19:06:35 UTC
From:
To:
This is the output of :
dpkg -l|grep ssl
ii  flac                                                        1.3.4-1                                                   amd64        Free
Lossless Audio Codec - command line tools
ii  libapache2-mod-log-sql-ssl                                  1.100-16.3+b1
                                            amd64        Use SQL to store/write your Apache queries logs - SSL
extension
ii  libevent-openssl-2.1-7:amd64                                2.1.12-stable-5+b1
                                       amd64        Asynchronous event notification library (openssl)
ii  libflac++6v5:amd64                                          1.3.4-1                                                   amd64
       Free Lossless Audio Codec - C++ runtime library
ii  libflac-dev:amd64                                           1.3.4-1                                                   amd64
       Free Lossless Audio Codec - C development library
ii  libflac8:amd64                                              1.3.4-1                                                   amd64
       Free Lossless Audio Codec - runtime C library
ii  libflac8:i386                                               1.3.4-1                                                   i386         Free
Lossless Audio Codec - runtime C library
ii  libgnutls-openssl27:amd64                                   3.7.4-2
                                                  amd64        GNU TLS library - OpenSSL wrapper
ii  libio-socket-ssl-perl                                       2.074-2                                                   all          Perl
module implementing object oriented interface to SSL sockets
ii  libnet-smtp-ssl-perl                                        1.04-1                                                    all          Perl
module providing SSL support to Net::SMTP
ii  libnet-ssleay-perl:amd64                                    1.92-2                                                    amd64
       Perl module for Secure Sockets Layer (SSL)
ii  libssl0.9.8                                                 0.9.8o-7                                                  amd64        SSL
shared libraries
ii  libssl1.0.0:amd64                                           1.0.2d-1                                                  amd64
       Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.0:i386                                            1.0.2d-1                                                  i386
        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.2:amd64                                           1.0.2u-1~deb9u1
                                          amd64        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:amd64                                             1.1.1o-1                                                  amd64
       Secure Sockets Layer toolkit - shared libraries
ii  libssl3:amd64                                               3.0.3-4                                                   amd64
       Secure Sockets Layer toolkit - shared libraries
ii  libssl3:i386                                                3.0.3-4                                                   i386
        Secure Sockets Layer toolkit - shared libraries
ii  libwavpack1:amd64                                           5.4.0-1                                                   amd64
       audio codec (lossy and lossless) - library
ii  libwavpack1:i386                                            5.4.0-1                                                   i386
        audio codec (lossy and lossless) - library
ii  libzstd1:amd64                                              1.5.2+dfsg-1                                              amd64
       fast lossless compression algorithm
ii  libzstd1:i386                                               1.5.2+dfsg-1                                              i386
        fast lossless compression algorithm
ii  mp3gain                                                     1.6.2-2                                                   amd64
       Lossless mp3 normalizer with statistical analysis
ii  openssl                                                     3.0.3-4                                                   amd64
       Secure Sockets Layer toolkit - cryptographic utility
ii  openssl-blacklist                                           0.5-3                                                     all
         Blacklists for  OpenSSL RSA keys and tools
ii  perl-openssl-defaults:amd64                                 7+b1
                                                     amd64        version compatibility baseline for Perl OpenSSL
packages
ii  python-openssl                                              19.0.0-1                                                  all
         Python 2 wrapper around the OpenSSL library
ii  python3-brotli                                              1.0.9-2+b3                                                amd64
       lossless compression algorithm and format (Python 3 version)
ii  python3-img2pdf                                             0.4.4-2                                                   all
         Lossless conversion of raster images to PDF (library)
ii  ssl-cert                                                    1.1.2                                                     all          simple
debconf wrapper for OpenSSL
ii  wavpack                                                     5.4.0-1                                                   amd64
       audio codec (lossy and lossless) - encoder and decoder
ii  zstd                                                        1.5.2+dfsg-1                                              amd64        fast
lossless compression algorithm -- CLI tool

#1011335#20
Date:
2022-05-22 15:54:22 UTC
From:
To:
using
Debian
any issue with smtp.free.fr or imap.free.fr

Free recommends to use STARTTLS on smtp connection [1]. Could check your
configuration ?

All the best

PS: this reply is posted via smtp.free.fr

[1] https://assistance.free.fr/articles/configurer-de-maniere-avancee-votre-logiciel-de-messagerie-609

#1011335#25
Date:
2022-06-06 19:22:41 UTC
From:
To:
The non-functioning of SSL in version 3 is still relevant. Another example of
its failure is given by a screenshot in p.J. this is a KDE bug report
regarding Kdeconnect it says in French "impossible to contact bug.kde.org SSL
negotiation with bug.kde.org failed.
I guess I'm one of the few who has this problem, I noticed that as my first
Debian installation is old there are several versions of libssl active: 0.9.8,
1.0.0, 1.0.2, 1.1, 3.0 would not create this problem.
Another supposition an initialization or configuration file which should not be
there in version 3 exists on my computer, yes but which one to look for?

#1011335#30
Date:
2022-06-09 06:00:40 UTC
From:
To:
That screenshot is not helping. There is -7 update of openssl, try that
please. Also do
	apt autoremove --purge
	aptitude search ~o

and remove dangling packages. As of sid, you should only need libssl1.1
and libssl3.0. The aptitide command above lists all packages which are
installed but not on the archive server (because they have been
removed).

If you still experience I would like to see if
	openssl s_client -connect $server:$port

works or shows any problems.

Sebastian

#1011335#35
Date:
2022-06-10 13:14:29 UTC
From:
To:
I can say that for me the problem is solved.
To achieve this solution I removed libssl version 0.98 and 1.0 here is the
output of the removal commands for info.
Start-Date: 2022-06-09 15:05:15
Commandline: apt remove libssl0.9.8 --purge
Purge: libisccfg60:amd64 (1:9.7.1.dfsg.P2-2), libopal3.6.6:amd64
(3.6.6~dfsg-6), libpt2.6.5-plugins:amd64 (2.6.5-1), libssl0 .9.8:amd64
(0.9.8o-7), libdns53:amd64 (1:9.6.1.dfsg.P3-1), libdns64:amd64
(1:9.7.0.dfsg.P1-1), libdns66:amd64 ( 1:9.7.1.dfsg.P2-2), libpt2.6.5:amd64
(2.6.5-1), python2.5:amd64 (2.5.5-11)
End-Date: 2022-06-09 15:05:22

Start-Date: 2022-06-09 15:10:26
Commandline: apt remove libssl1.0.0 --purge
Purge: libopal3.10.4:amd64 (3.10.4~dfsg-3), ruby1.9.1:amd64 (1.9.3.484-2),
libavdevice55:amd64 (10:2.3.3-dmo3), php5-readline:amd64 (5.6) .
30+dfsg-0+deb8u1), libgit2-22:amd64 (0.22.2-2), libruby2.0:amd64
(2.0.0.484+really457-3), libruby2.1:amd64 (2.1.5-4) , libssl1.0.0:amd64
(1.0.2d-1), jitsi:amd64 (2.4.4997-1.2), libpython3.3:amd64 (3.3.5-1),
libjitsi-jni:amd64 (2.4.4997-1.2) , php5-cli:amd64 (5.6.30+dfsg-0+deb8u1),
ruby2.0:amd64 (2.0.0.484+really457-3), ruby2.1:amd64 (2.1.5-4), libpython3.3-
stdlib:amd64 (3.3.5-1), libdns81:amd64 (1:9.8.1.dfsg.P1-4.4),
libpt2.10.4:amd64 (2.10.4~dfsg-1), libapache2-mod-php5:amd64
(5.6.30+dfsg-0+deb8u1), libavformat55:amd64 (10:2.3.3-dmo3), libpython3.3-
minimal:amd64 (3.3.5-1), python2.6:amd64 (2.6.8- 2), python3.3:amd64
(3.3.5-1), python2.6-minimal:amd64 (2.6.8-2), python3.3-minimal:amd64
(3.3.5-1), libruby1.9.1: amd64 (1.9.3.484-2), libavfilter3:amd64 (10:2.1.4-
dmo2), libavfilter4:amd64 (10:2.3.3-dmo3)
End-Date: 2022-06-09 15:10:44
it seems that removing libssl1.0 fixes the issue it also fixed the issue
regarding Kdeconnect.
Thanks to Sebastian Andrzej Siewior for the advice.

#1011335#40
Date:
2022-06-13 19:36:54 UTC
From:
To:
…

perfect. I'm closing this since the reported claims the problem is gone.

Dominique, if there is still something bothering you, please say so.

Sebastian

#1011335#41
Date:
2022-06-14 07:20:35 UTC
From:
To:
No issue on my side. You can close this bug.

All the best