connecting tinc 1.0.36/libssl3 to older nodes?

Nathan Stratton Treadway nathanst at ontko.com
Wed May 18 13:18:56 CEST 2022


On Wed, May 18, 2022 at 08:16:53 +0200, Guus Sliepen wrote:
> On Wed, May 18, 2022 at 01:28:31AM -0400, Nathan Stratton Treadway wrote:
> 
> > Thus, I believe Xenial's tinc 1.0.26 is attempting to use
> > EVP_bf_ofb()/EVP_sha1() when setting up the metadata connection -- and
> > that nothing else related to the metadata connection setup changed
> > between 1.0.26 and 1.0.33....
> 
> That's correct.

[...]
> > Does anyone have any suggestions of additional changes to either the
> > openssl.cnf override file on the Jammy node or the Tinc config files
> > that would allow Xenial and Jammy nodes to interoperate on the network
> > while we work to upgrade all the old network nodes?
> 
> This is very annoying of course, but I don't see any option but to
> either upgrade tinc on Xenial or to downgrade tinc's OpenSSL library on
> Jammy. Upgrading tinc on Xenial might be the easiest option, it means

Do you have any sense of what libssl operation is failing in the
1.0.26 <-> 1.0.36/libssl3 case, once my openssl.cnf configuration is
such that I get past the "error:0308010C:digital envelope
routines::unsupported" errors?

(As far as I can tell, the "Bogus data received from" message is
generated in the protocol.c:receive_request() function.)

In other words, is there something related to EVP_bf_ofb() or EVP_sha1()
that is actually still failing, or is there some other libssl call that
would come into play during the CHALLENGE/CHAL_REPLY phase of the
negotiation?

						Nathan

----------------------------------------------------------------------------
Nathan Stratton Treadway  -  nathanst at ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239

