Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-375

SSL handshake fails (no cipher match)

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 3.0.7, 3.1.0
    • 3.0.8, 3.1.0
    • None
    • None

    Description

      When establishing a secure connection (both client and server running with OpenSSL v1.1.1) the handshake fails if we pass a cipher suite mix of TLSv1.3 and non TLSv1.3 cipher suites.

      According to the OpenSSL documentation TLSv1.3 cipher suites differ from < TLSv1.3 cipher suites and need to be set via SSL_CTX_set_ciphersuites API call. Since OpenSSL currently supports only 3 cipher suites by default, mysql_ssl_set and MYSQL_OPT_SSL_CIPHER (or --ssl_cipher command line option) should only support cipher suites from SSLv3 to TLSv1.2.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          georg Georg Richter created issue -
          georg Georg Richter made changes -
          Field Original Value New Value
          issue.field.resolutiondate 2018-12-01 14:38:34.0 2018-12-01 14:38:34.718
          georg Georg Richter made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Closed [ 6 ]
          julien.fritsch Julien Fritsch made changes -
          Workflow MariaDB connectors [ 90898 ] MariaDB v4 [ 161149 ]

          People

            georg Georg Richter
            georg Georg Richter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.