Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12190

YASSL isn't able to negotiate TLS version correctly

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 5.5, 10.1, 10.2.4
    • 10.2.6
    • SSL
    • None
    • All platforms

    Description

      According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

      YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

      Attachments

        Issue Links

          Activity

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.