Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12190

YASSL isn't able to negotiate TLS version correctly

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2.4, 5.5(EOL), 10.1(EOL)
    • 10.2.6
    • SSL
    • None
    • All platforms

    Description

      According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

      YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

      Attachments

        Issue Links

          blocks

          Task - A task that needs to be done. MDEV-10332 Server 10.2: Add support for OpenSSL 1.1

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CONC-260 Connection through SSL always gives error on one failed attempt

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONC-393 TLSv1.2 ciphers are rejected on Windows with Schannel

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJ-575 test YaSSL correction and permit TLSv1.2 by default of corrected

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            georg Georg Richter created issue -
            georg Georg Richter made changes -
            Field Original Value New Value
            Attachment MDEV-12190.patch [ 43396 ]
            georg Georg Richter made changes -
            Summary YASSL isn't able to negotiate protocol correctly YASSL isn't able to negotiate TLS version correctly
            georg Georg Richter made changes -
            serg Sergei Golubchik made changes -
            Priority Critical [ 2 ] Major [ 3 ]
            dbart Daniel Bartholomew made changes -
            Fix Version/s 10.2.6 [ 22527 ]
            Fix Version/s 10.2.5 [ 22117 ]
            georg Georg Richter made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Closed [ 6 ]
            georg Georg Richter made changes -
            georg Georg Richter made changes -
            Resolution Fixed [ 1 ]
            Status Closed [ 6 ] Stalled [ 10000 ]
            georg Georg Richter made changes -
            Affects Version/s 5.5 [ 15800 ]
            Affects Version/s 10.1 [ 16100 ]
            georg Georg Richter made changes -
            Assignee Georg Richter [ georg ]
            serg Sergei Golubchik made changes -
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            Assignee Georg Richter [ georg ]
            diego dupin Diego Dupin made changes -
            wlad Vladislav Vaintroub made changes -
            Assignee Georg Richter [ georg ] Vladislav Vaintroub [ wlad ]
            GeoffMontee Geoff Montee (Inactive) made changes -
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 79858 ] MariaDB v4 [ 151777 ]

            People

              wlad Vladislav Vaintroub
              georg Georg Richter
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.