Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12190

YASSL isn't able to negotiate TLS version correctly

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2.4, 5.5(EOL), 10.1(EOL)
    • 10.2.6
    • SSL
    • None
    • All platforms

    Description

      According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

      YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. MDEV-10332 Server 10.2: Add support for OpenSSL 1.1

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-260 Connection through SSL always gives error on one failed attempt

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONC-393 TLSv1.2 ciphers are rejected on Windows with Schannel

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJ-575 test YaSSL correction and permit TLSv1.2 by default of corrected

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            georg Georg Richter added a comment -

            This was fixed together with MDEV-10332

            georg Georg Richter added a comment - This was fixed together with MDEV-10332
            georg Georg Richter added a comment -

            Not fixed in 5.5 and 10.1

            georg Georg Richter added a comment - Not fixed in 5.5 and 10.1

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.