Description of problem: After installing the RPM's rootcerts-java-20200911.00-1.mga7.noarch Mi 30 Sep 2020 16:10:45 CEST rootcerts-20200911.00-1.mga7.noarch Mi 30 Sep 2020 16:10:44 CEST samba-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:43 CEST samba-winbind-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:42 CEST samba-client-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:42 CEST firefox-78.3.0-1.mga7.x86_64 Mi 30 Sep 2020 16:10:41 CEST lib64nss3-3.57.0-1.mga7.x86_64 Mi 30 Sep 2020 16:10:32 CEST firefox-de-78.3.0-1.mga7.noarch Mi 30 Sep 2020 16:10:32 CEST nss-3.57.0-1.mga7.x86_64 Mi 30 Sep 2020 16:10:31 CEST samba-winbind-modules-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:30 CEST lib64smbclient0-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:30 CEST lib64samba-dc0-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:30 CEST crypto-policies-20200813-1.mga7.noarch Mi 30 Sep 2020 16:10:30 CEST samba-common-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST p11-kit-trust-0.23.21-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST lib64samba1-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST lib64nspr4-4.29-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST lib64kdc-samba4_2-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST lib64heimntlm-samba4_1-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:29 CEST p11-kit-0.23.21-1.mga7.x86_64 Mi 30 Sep 2020 16:10:27 CEST lib64wbclient0-4.10.18-1.mga7.x86_64 Mi 30 Sep 2020 16:10:27 CEST lib64gnutls30-3.6.15-1.mga7.x86_64 Mi 30 Sep 2020 16:10:27 CEST lib64p11-kit0-0.23.21-1.mga7.x86_64 Mi 30 Sep 2020 16:10:26 CEST @ Port 80: Update, Kurs-/Währungsaktualisierung @ Port 443: PIN/TAN-Verfahren V Port 3000: HBCI-Verfahren @= not available, V = OK How reproducible: no Update, no problem Steps to Reproduce: 1. take last update 2.shit happens 3.
Hi thanks reporting this. Moneyplex Banking software is an application which is not belonging to our distribution. As result of lastest updates, TLS 1.0 and 1.1 are no longer available to establish secure connections. Firefox 78.3 can establish out-of-the-box TLS 1.2 and 1.3 connections. If your Software is unable to establish SSL connections since these updates, it need to be updated/recompiled. Can you even provide link to this software? Internet website?
Component: New RPM package request => RPM PackagesCC: (none) => ouaurelien
Hello! You can find a trialversion there: https://matrica.de/download/download.php moneyplex für Linux moneyplex native für alle gängigen Linux Distributionen. You want to try it out? We like to send you a serialnumber. Go to our service testen@matrica.de vG Juergen
Hi again, As far as I understand, this software, which is not in our distribution, is a commercial software. According to our policies, we can't provide support for them. Incrimined updates from Sept. 30th 2020 introduce a big update on SSL/TLS as mentioned on Comment 1. We try to make our distribution as secure as possible and TLS version priori to 1.2 must be dropped. Cc'ed Bugsquad Team Leader, regarding to this, we can't modify our distribution to let commercial softwares run well if updates to core packages broke them. I tend to close this WON'T FIX.
CC: (none) => lewyssmith
Hi, It is not necessary to give support to a commercial offerer of a linux program. It is a pity, that this step was not communicated in the D community. I gave this information to the company "matrica" now I hope, they can solve this problem. Viele Grüße aus dem Sauerland, in der Nähe von Dortmund. Trotzdem bin ich Fan von 1860 München :-) Jürgen
I found a way to revive the ports 80 / 443 for the software: Install crypto-policies-20170606 using "urpmi --downgrade".
CC: (none) => man-draker
(In reply to man draker from comment #5) > I found a way to revive the ports 80 / 443 for the software: > > Install crypto-policies-20170606 using "urpmi --downgrade". This steps above are not supported, from a security point of view. Instead, if you really need TLS 1.0/1.1 connections, which are really deprecated, we recommends these command with crypto-policies-20200813-1.mga7.noarch package installed: # update-crypto-policies --set LEGACY Doing this, the policy ensures maximum compatibility with Red Hat Enterprise Linux 5 and earlier; it is less secure due to an increased attack surface. In addition to the DEFAULT level algorithms and protocols, it includes support for the TLS 1.0 and 1.1 protocols. The algorithms DSA, 3DES, and RC4 are allowed, while RSA keys and Diffie-Hellman parameters are accepted if they are at least 1023 bits long. We recommends to go back to "update-crypto-policies --set DEFAULT" as soon as possible. This is the default system-wide cryptographic policy level which offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if they are at least 2048 bits long. Closing this WONTFIX
Resolution: (none) => WONTFIXStatus: NEW => RESOLVED
I'm sorry, but Your Advice does not work here. Updating to the actual Package and using # update-crypto-policies --set LEGACY leads to the same error as without it. I agree that downgrading is a dirty workaround and should be avoided - but it works.
Following a hint of the manufacturer, Moneyplex does not find the openssl and crypto Libraries. It helps, to add a section [OpenSSL] libssl=/usr/lib64/libssl.so libcrypto=/usr/lib64/libcrypto.so to the file settings.ini in the moneyplex-directory. The path depends on the individual Installation locate libssl.so and locate libcrypto.so will help.