Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12190

YASSL isn't able to negotiate TLS version correctly

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2.4, 5.5(EOL), 10.1(EOL)
    • 10.2.6
    • SSL
    • None
    • All platforms

    Description

      According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

      YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

      Attachments

        Issue Links

          Activity

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0d
                  0d
                  Logged:
                  Time Spent - 10m
                  10m

                  Git Integration

                    Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.