Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12190

YASSL isn't able to negotiate TLS version correctly

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2.4, 5.5(EOL), 10.1(EOL)
    • 10.2.6
    • SSL
    • None
    • All platforms

    Description

      According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

      YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. MDEV-10332 Server 10.2: Add support for OpenSSL 1.1

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-260 Connection through SSL always gives error on one failed attempt

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONC-393 TLSv1.2 ciphers are rejected on Windows with Schannel

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJ-575 test YaSSL correction and permit TLSv1.2 by default of corrected

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            Transition Time In Source Status Execution Times
            Georg Richter made transition -
            Open Closed
            		65d 8h 10m 1
            Georg Richter made transition -
            Closed Stalled
            		298d 4h 17m 1
            Sergei Golubchik made transition -
            Stalled Closed
            		7d 4m 1

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.