Client improperly sends identifying information in plaintext prior to TLS handshake

... and, furthermore, the server requires that information to be sent in plaintext, and irreversibly updates its assessment of the client capabilities for this connection based on it (see MDEV-31585).

Spinning this off from my comment on CONC-648. (Like CONC-648, this is another TLS-related vulnerability.)

As I showed there, MariaDB clients including Connector/C send a great deal of identifying information about themselves in plaintext in the initial "login request" packet, even when they subsequently switch to TLS, and then resend a login request packet over the TLS channel:

This information includes the client capability bits, the client's MAX_ALLOWED_PACKET size, and the client's charset.

Copying from there:

This makes MariaDB client-server connections an exploitable and target-rich environment for pervasive MITM attackers. A government agency could, for example, fingerprint the plaintext client+server greeting packets to determine the exact versions, pull out the ones that appear to be from interesting parts of the world based on the plaintext preferred client charset, and manipulate them in various ways with MITM and downgrade attacks using this vulnerability, as well as the long-known MDEV-28634... and all of that without needing to actually do any TLS cracking.

For all I know, the NSA or CSIC or GCHQ or יחידה 8200 or the Chinese/Iranian/Indian/Russian/$COUNTRY equivalents have already figured this out themselves, and have been MITM'ing MariaDB connections on the Internet at massive scale for years.