[04:58] No idea about this PPA's future, I only know it's there now... [05:02] what about alkisg ? === lotuspsychje_ is now known as lotuspsychje [05:03] About the firefox PPA mentioned above [05:03] oh, i wasnt folowwing [10:49] Hello, I need some help, this morning the audio output has suddenly disappeared, I can only see "Dummy Output". I tried to reinstall alsa and to add the line "options snd-hda-intel model=generic" at the end of alsa-base.conf with no luck, can you guys help me? I'm on ubuntu 22.04 [16:36] Hello ! I need info or help about what appears to be related to OpenSSL 3.0 coming with Jammy [16:38] dominique: please state your issue in the channel, so volunteers can help debug you better [16:40] Problem happens with python3 request module, used by a script we use to connect our Global Protect VPN. [16:41] Using python3, >>> import requests [16:41] >>> import requests [16:41] >>> r = requests.get(' [16:42] >>> r = requests.get('some_server_apparently_not_supporting_legacy_renegotiation') [16:43] Traceback (most recent call last): [16:43] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen [16:43] httplib_response = self._make_request( [16:43] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request [16:43] self._validate_conn(conn) [16:43] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn [16:43] conn.connect() [16:43] File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect [16:43] self.sock = ssl_wrap_socket( [16:43] File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket [16:43] ssl_sock = _ssl_wrap_socket_impl( [16:43] File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl [16:43] return ssl_context.wrap_socket(sock, server_hostname=server_hostname) [16:43] File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket [16:43] return self.sslsocket_class._create( [16:43] File "/usr/lib/python3.10/ssl.py", line 1070, in _create [16:43] self.do_handshake() [16:43] File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake [16:43] self._sslobj.do_handshake() [16:43] ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) [16:43] During handling of the above exception, another exception occurred: [16:43] Traceback (most recent call last): [16:43] File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send [16:43] resp = conn.urlopen( [16:43] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen [16:43] retries = retries.increment( [16:43] File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment [16:43] raise MaxRetryError(_pool, url, error or ResponseError(cause)) [16:43] urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='vpn-mtl.intelerad.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) [16:43] During handling of the above exception, another exception occurred: [16:43] Traceback (most recent call last): [16:43] File "", line 1, in [16:43] File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get [16:43] return request('get', url, params=params, **kwargs) [16:43] File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request [16:43] return session.request(method=method, url=url, **kwargs) [16:44] File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request [16:44] resp = self.send(prep, **send_kwargs) [16:44] File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send [16:44] r = adapter.send(request, **kwargs) [16:44] File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send [16:44] raise SSLError(e, request=request) [16:44] requests.exceptions.SSLError: HTTPSConnectionPool(host='vpn-mtl.intelerad.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) [16:44] >>> [16:44] !paste | dominique [16:44] dominique: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. [16:45] oh ! sorry, first time here. [16:46] dont worry dominique i should have mentioned it in the first place [16:46] no worries dominique :) [16:47] >>> import requests [16:48] >>> r = requests.get('https://vpn-mtl.intelerad.com') [16:48] Traceback (most recent call last): [16:48] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen [16:48] httplib_response = self._make_request( [16:48] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request [16:48] self._validate_conn(conn) [16:48] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn [16:48] conn.connect() [16:48] File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect [16:48] self.sock = ssl_wrap_socket( [16:48] File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket [16:48] ssl_sock = _ssl_wrap_socket_impl( [16:48] File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl [16:48] return ssl_context.wrap_socket(sock, server_hostname=server_hostname) [16:48] File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket [16:48] return self.sslsocket_class._create( [16:48] File "/usr/lib/python3.10/ssl.py", line 1070, in _create [16:48] self.do_handshake() [16:48] File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake [16:48] self._sslobj.do_handshake() [16:48] ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) [16:48] During handling of the above exception, another exception occurred: [16:48] Traceback (most recent call last): [16:48] File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send [16:48] resp = conn.urlopen( [16:48] File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen [16:48] retries = retries.increment( [16:48] File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment [16:48] raise MaxRetryError(_pool, url, error or ResponseError(cause)) [16:48] urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='vpn-mtl.intelerad.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) [16:48] During handling of the above exception, another exception occurred: [16:48] Traceback (most recent call last): [16:48] File "", line 1, in [16:48] File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get [16:48] return request('get', url, params=params, **kwargs) [16:48] File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request [16:48] return session.request(method=method, url=url, **kwargs) [16:48] File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request [16:48] resp = self.send(prep, **send_kwargs) [16:48] File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send [16:49] r = adapter.send(request, **kwargs) [16:49] File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send [16:49] raise SSLError(e, request=request) [16:49] requests.exceptions.SSLError: HTTPSConnectionPool(host='vpn-mtl.intelerad.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) [16:49] hummm.... [16:49] oh got it. [16:49] here : https://paste.ubuntu.com/p/PRrQDgJm8y/ [16:50] dominique: Another accidental paste like this I'd avoid btw.. [16:52] Got it. That was the last. I saw that big green "Copy to clipboard" button and, I didn't had any coffee yet. [16:55] I did the exact same from a VM with Ubuntu 21.10. No issue. Python requests module is the same version, openssl is 1.1.1l (I think) [16:56] dominique: is this you? bug #1960268 [16:56] Bug 1960268 in openssl (Ubuntu) "SSL handshake failed - VPN SSL broken in 22.04" [Undecided, New] https://launchpad.net/bugs/1960268 [16:57] no [16:58] i mean, does this affect your case [16:58] for linux users at our place, we use gp-saml-gui [16:59] https://github.com/dlenski/gp-saml-gui [16:59] not familiar with that myself [17:01] his script opens a browser from where we authenticate, on success it outputs a openconnect string we can use to open the VPN connection. [17:01] dominique: here's the list of most recent openssl bugs on ubuntu; https://bugs.launchpad.net/ubuntu/+source/openssl/+bugs?orderby=importance&start=0 [17:03] dominique: if you dont feel, your bug is present there, you could consider filing a new !bug from a terminal; ubuntu-bug openssl [17:03] excellent [17:04] and share the bug ID here after, maybe more logs/info might be able to enlight your issue [17:05] Will do. Found nothing about UNSAFE_LEGACY_RENEGOTIATION_DISABLED. Cost nothing to open one and wee where it lands. [17:05] Thanks for the help. [17:05] welcome dominique [17:11] i guess (have not checked) that openssl 3.0 disables / removes support for unsafe legacy renegotiation. earlier openssl releases still supported it, even though it was known to be unsafe. [17:12] and apparently the script you're using expects to be able to use unsafe legacy renegotiation, which would be why it would stop working with openssl 3.0 [17:12] this is just a theory, though. [17:14] there are two forms of tls renegotiation - the old, 'legacy# , one, which ahs been proven to be weak / insecure. and a newer one, which is, so far, assumed to be safe to use. another option is not to renegotiate and just restart the connection, but this can be costly. [17:15] dominique: ^ [17:18] see "Changes between 1.1.1 and 3.0.0 [7 sep 2021]" -> "Client-initiated renegotiation is disabled by default." at https://www.openssl.org/news/changelog.html [17:42] There is a section about renegotiation here https://www.openssl.org/docs/man3.0/man3/SSL_get_secure_renegotiation_support.html [17:43] I used ssllabs.com and could see that our server has renegotiation disabled. [17:45] from the openssl docs, it mentions that for "Patched OpenSSL client and unpatched server", options can be set. [17:47] But I have no clue where SSL_OP_LEGACY_SERVER_CONNECT is set. At compilation ? From the module in code that calls openssl ? [18:54] tnx for bug #1963834 dominique [18:54] Bug 1963834 in openssl (Ubuntu) "openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]" [Undecided, New] https://launchpad.net/bugs/1963834 [18:55] dominique: can you also run; apport-collect 1963834 from a terminal?