Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.7, 3.1.0
Component/s: None
Labels: None
Description
When establishing a secure connection (both client and server running with OpenSSL v1.1.1), the handshake fails if we pass a cipher suite mix of TLSv1.3 and non-TLSv1.3 cipher suites.
According to the OpenSSL documentation, TLSv1.3 cipher suites differ from < TLSv1.3 cipher suites and need to be set via the SSL_CTX_set_ciphersuites API call. Since OpenSSL currently supports only 3 cipher suites by default, mysql_ssl_set and MYSQL_OPT_SSL_CIPHER (or the --ssl_cipher command line option) should only support cipher suites from SSLv3 to TLSv1.2.
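The API split described above, as an added example that is not the project's code and not the fix applied for this issue: it separates a mixed `:`-separated cipher string so each part can go to the OpenSSL call that accepts it. The helper names `split_cipher_list` and `apply_cipher_list` and the `WITH_OPENSSL` build switch are hypothetical; the TLSv1.3 names are those defined by OpenSSL 1.1.1.

```c
#include <string.h>
/* TLSv1.3 suite names in OpenSSL 1.1.1; the first three are enabled by default. */
static const char *const TLS13[] = {
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256" };
static int is_tls13(const char *s, size_t len)
{
    for (size_t i = 0; i < sizeof TLS13 / sizeof TLS13[0]; i++)
        if (strlen(TLS13[i]) == len && memcmp(TLS13[i], s, len) == 0) return 1;
    return 0;
}

/* Append tok to a ':'-separated list in dst; returns -1 if it would not fit. */
static int append(char *dst, size_t cap, const char *tok, size_t len)
{
    size_t used = strlen(dst), sep = used ? 1 : 0;
    if (used + sep + len + 1 > cap) return -1;
    if (sep) dst[used++] = ':';
    memcpy(dst + used, tok, len);
    dst[used + len] = '\0';
    return 0;
}

/* Hypothetical helper: split a mixed list into TLSv1.3 and <= TLSv1.2 parts.
 * Anything that is not a known TLSv1.3 name (including "!aNULL"-style rules)
 * is kept in the legacy part. Returns 0 on success, -1 on overflow. */
int split_cipher_list(const char *mixed, char *t13, size_t cap13, char *leg, size_t capleg)
{
    if (!mixed || cap13 == 0 || capleg == 0) return -1;
    t13[0] = leg[0] = '\0';
    for (const char *p = mixed; *p; ) {
        size_t len = strcspn(p, ":");
        if (len && (is_tls13(p, len) ? append(t13, cap13, p, len)
                                     : append(leg, capleg, p, len)) != 0) return -1;
        p += len + (p[len] == ':');   /* step over the token and its separator */
    }
    return 0;
}

#ifdef WITH_OPENSSL /* build with -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
int apply_cipher_list(SSL_CTX *ctx, const char *mixed)
{
    char t13[256], leg[1024];
    if (split_cipher_list(mixed, t13, sizeof t13, leg, sizeof leg) != 0) return -1;
    /* An empty part is skipped so OpenSSL keeps its defaults for that range. */
    if (leg[0] && SSL_CTX_set_cipher_list(ctx, leg) != 1) return -1;
    if (t13[0] && SSL_CTX_set_ciphersuites(ctx, t13) != 1) return -1;
    return 0;
}
#endif
```

A caller that wants the stricter behaviour proposed in the description can instead reject the input whenever the TLSv1.3 part comes back non-empty.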