"22-Sep-2020 OpenSSL 1.1.1h is now available, including bug fixes"

Christian, any changes need in _ssl or any other reasons we should not upgrade?

Changes between 1.1.1g and 1.1.1h [22 Sep 2020]

*) Certificates with explicit curve parameters are now disallowed in
verification chains if the X509_V_FLAG_X509_STRICT flag is used.
[Tomas Mraz]

*) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
conversely, silently ignore DTLS protocol version bounds when configuring
TLS-based contexts. The commands can be repeated to set bounds of both
types. The same applies with the corresponding "min_protocol" and
"max_protocol" command-line switches, in case some application uses both TLS
and DTLS.

 SSL_CTX instances that are created for a fixed protocol version (e.g.
 TLSv1_server_method()) also silently ignore version bounds.  Previously
 attempts to apply bounds to these protocol versions would result in an
 error.  Now only the "version-flexible" SSL_CTX instances are subject to
 limits in configuration files in command-line options.
 [Viktor Dukhovni]

*) Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.
[Tomas Mraz]

Christian, ping?

Sorry, I missed the initial ping.

The changes look unproblematic to me. Our test suite is passing with 1.1.1h, too. Python doesn't set VERIFY_X509_STRICT by default and does not support DTLS.

Please go ahead.

You may want to hold off until next week:

https://mta.openssl.org/pipermail/openssl-announce/2020-December/000186.html

OpenSSL 1.1.i is a security-fix release. The highest severity issue fixed in this release is HIGH.

New changeset 14097a2 by Ned Deily in branch 'master':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i. (GH-24080)
14097a2

New changeset f24ac45 by Miss Islington (bot) in branch '3.8':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i. (GH-24080) (bpo-24084)
f24ac45

New changeset 76489dd by Miss Islington (bot) in branch '3.9':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i. (GH-24080) (GH-24083)
76489dd

New changeset afb7144 by Steve Dower in branch 'master':
bpo-41837: Updated Windows installer to include OpenSSL 1.1.1i (GH-24125)
afb7144

New changeset c833393 by Steve Dower in branch '3.9':
bpo-41837: Updated Windows installer to include OpenSSL 1.1.1i (GH-24125)
c833393

New changeset 86b1207 by Steve Dower in branch '3.8':
bpo-41837: Updated Windows installer to include OpenSSL 1.1.1i (GH-24125)
86b1207

I believe this is all done now.

The fix has only be done for 3.8, 3.9 and 3.10. Are 3.7 and 3.6 are not impacted?

They are impacted. However 3.7.9 and 3.6.8 were the last releases with binaries for Windows and macOS. All subsequent releases are source-only releases. Since we don't release binaries for 3.6 and 3.7 any more, we typically don't update them.

I got bad news. OpenSSL 1.1.1i introduced a regression in cert validation. This affects some cases that involve self-signed certificates. Cert validation fails if a self-signed certificate is used as both a trust anchor (root CA) and EE cert. This may affect Python.

Would it be possible to rebuild our OpenSSL binaries with patch openssl/openssl#13749 ?

Looks like we missed Christian's last message...

Have OpenSSL made an updated release? If this issue is as bad as the short description above sounds, I expect they would have.

It's possible to rebuild with the patch, but easier if it's a release.

(Also, Christian, should this have been a release blocker? We just made fast releases for a security concern...)

1.1.1j was issued earlier this week and, from browsing the source, it appears that this fix is included (it's not mentioned as a major issue) along with other fixes. So I assume we just need to update the installers to use 1.1.1j. The question is then do need to push updated installers for 3.9.x and 3.8.x? Setting to "deferred blocker" pending a decision.

@christian? @Łukasz?

New changeset 0242494 by Ned Deily in branch 'master':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j. (GH-24677)
0242494

New changeset e2f6ed8 by Miss Islington (bot) in branch '3.8':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j. (GH-24677)
e2f6ed8

New changeset 982e8ec by Miss Islington (bot) in branch '3.9':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j. (GH-24677)
982e8ec

Now updated to OpenSSL 1.1.1k in bpo-43631