FS#60235 - [bitcoin-qt] Stops while switching SSLv3 to TLS

Attached to Project: Community Packages
Opened by Eser KUBALI (eserlxl) - Friday, 28 September 2018, 18:21 GMT
Last edited by Christian Rebischke (Shibumi) - Saturday, 09 February 2019, 13:57 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Rebischke (Shibumi)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 11
Private No

Details

Description: After pacman -Syu, I cannot start bitcoin-qt even from a fresh Arch Linux installation again. No log, no error messages. Compiling from the latest source on github gives the same result.

My Arch: KDE Plasma, 4.18.9-arch1-1-ARCH x86_64

Origin: I've found the source of the problem using gdb -> run -> CTRL+C -> bt sequence and gdb points qt/bitcoin.cpp:579. On this line, bitcoin-qt switches SSLv3 to TLS to mitigate POODLE Attack.

Possible Reason: OpenSSL backward compatibility is not enough and updated OpenSSL violates BIP-70 consensus of bitcoin.

Additional info: bitcoin daemon runs without any problem

Affected Versions: 0.16.3+ and latest bitcoin source on github.

Solution 1: Disabling Switching SSLv3 to TLS [ Causes POODLE Attack vulnerability ]

I had to disable SSLv3 -> TLS code part in order to run the bitcoin-qt wallet.

Disabled code part ( src/qt/bitcoin.cpp, line 579 )

579 QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
580 sslconf.setProtocol(QSsl::TlsV1_0OrLater);
581 QSslConfiguration::setDefaultConfiguration(sslconf);

Solution 2: Unnecessary QT SSL version check [ Safe ]

Adding an unnecessary SSL library version check at src/qt/bitcoin.cpp, on line 579 allows bitcoin-qt to run again without disabling switching SSLv3 to TLS.

579 QSslSocket::sslLibraryVersionString();
580 QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
581 sslconf.setProtocol(QSsl::TlsV1_0OrLater);
582 QSslConfiguration::setDefaultConfiguration(sslconf);

Links: I've already informed bitcoin github, AUR maintainer of bitcoin-git package and Arch Linux Official Forum members.

https://github.com/bitcoin/bitcoin/issues/14273
https://bbs.archlinux.org/viewtopic.php?id=240553
https://aur.archlinux.org/packages/bitcoin-git/
This task depends upon

Closed by  Christian Rebischke (Shibumi)
Saturday, 09 February 2019, 13:57 GMT
Reason for closing:  Fixed
Additional comments about closing:  0.17.1-1
Comment by Tim Ruffing (realorrandom) - Monday, 01 October 2018, 12:26 GMT
Can you try with 0.16.2 ? For me the problem persists after downgrading to bitcoin-qt-0.16.2, so I suspect the issue was the recent upgrade to qt5-base-5.11.2-1.
Comment by Eser KUBALI (eserlxl) - Monday, 01 October 2018, 14:51 GMT
I'm sure it's irrelevant with bitcoin source, but I have tried it for you :)

I downgraded bitcoin-qt from (0.16.3-1 => 0.16.2-2). In addition, I had to downgrade boost and boost-libs ( 1.68.0-1 => 1.67.0-7 )

The downgraded bitcoin-qt also stops at the beginning.

After updating bitcoin-qt, boost and boost-libs to the latest versions, I've compiled several versions from bitcoin github source.

git clone -b "v0.xy.z" --single-branch --depth 1 https://github.com/bitcoin/bitcoin.git

0.16.2 Hangs at start, same issue
0.16.1 Hangs at start, same issue
0.16.0 Hangs at start, same issue
0.15.2 Hangs at start, same issue
Comment by xris (xris) - Thursday, 04 October 2018, 20:07 GMT
Thank you very much for your investigations. I spent a few hours trying to figure this out yesterday to no avail. Much appreciated!
Comment by Tim Ruffing (realorrandom) - Thursday, 04 October 2018, 20:14 GMT Comment by Vinícius dos Santos Oliveira (vinipsmaker) - Sunday, 25 November 2018, 19:41 GMT
At <https://github.com/bitcoin/bitcoin/issues/14359>, we can know of a inoffensive commit by Tim Ruffing: https://github.com/real-or-random/bitcoin/commit/7d173c4cd1885ff5bcf9e5f8f7f712138dd8a445 (the commit message is descriptive enough)

This commit hit the main repo already: https://github.com/bitcoin/bitcoin/commit/2468471e13987b1be377e1b33fe9c5cdb7a7a3e3

And if you take a look on the issue page, there are lots of people backporting this commit to their own copies of the Bitcoin repo.

I downloaded the ArchLinux PKGBUILD's and modified it to apply this single patch and now my bitcoin-qt works again: https://pastebin.com/nxYTDRrt

Hope it helps to speed up a solution on our side.
Comment by Eli Schwartz (eschwartz) - Sunday, 03 February 2019, 18:43 GMT
  • Field changed: Category (Upstream Bugs → Packages)
  • Field changed: Severity (Medium → High)
I'm a bit confused here. The broken packaged version of bitcoin-qt was 0.16.3, released September 18

bitcoin-qt 0.17.0 (broken) was released on October 3
bitcoin-qt 0.17.0.1 (broken) was released on November 6
bitcoin-qt 0.17.1 with the fix was released on December 25

bitcoin-qt 0.17.0 (broken) was packaged into the repository on January 25, two versions behind and a month after the fixed version was released.

Shibumi, what on earth is going on here???
Comment by Christian Rebischke (Shibumi) - Sunday, 03 February 2019, 20:26 GMT
Hi Eli,
pushed 0.17.1 now.
Comment by Christian Rebischke (Shibumi) - Wednesday, 06 February 2019, 21:14 GMT
Can you guys confirm that this issue is fixed with 0.17.1?
Comment by Eser KUBALI (eserlxl) - Wednesday, 06 February 2019, 21:34 GMT
The bug was fixed with 0.17.1, thanks :)

Loading...