Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-375

SSL handshake fails (no cipher match)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.0.7
    • Fix Version/s: 3.1.0, 3.0.8
    • Component/s: None
    • Labels:
      None

      Description

      When establishing a secure connection (both client and server running with OpenSSL v1.1.1) the handshake fails if we pass a cipher suite mix of TLSv1.3 and non TLSv1.3 cipher suites.

      According to the OpenSSL documentation TLSv1.3 cipher suites differ from < TLSv1.3 cipher suites and need to be set via SSL_CTX_set_ciphersuites API call. Since OpenSSL currently supports only 3 cipher suites by default, mysql_ssl_set and MYSQL_OPT_SSL_CIPHER (or --ssl_cipher command line option) should only support cipher suites from SSLv3 to TLSv1.2.

        Attachments

          Activity

            People

            Assignee:
            georg Georg Richter
            Reporter:
            georg Georg Richter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: