Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12193

Discontinue support of unsecure and unsupported OpenSSL versions (< 1.0.1)

    Details

      Description

      Currently MariaDB server supports OpenSSL versions 0.9, 1.0, 1.0.1, 1..0.2 (and 1.1 when MDEV-10332 is finished)

      • OpenSSL version 0.9.8 and 1.0 eoled in 2015
      • OpenSSL 1.0.1 eoled in 2016
      • Both versions will not get security updates/fixes anymore
      • All major distros which still support 0.9 or 1.0 didn't fix any CVE during the last 12 months
      • OpenSSL 0.9 doesn't support TLS 1.1 and TLS 1.2
      • mtr tests fail due to lack of ciphers
      • mtr tests fail if server and client don't use the same OpenSSL version (0.9 or 1.0)

      Suggestion:

      Stop cmake build if OpenSSL version number is < 1.0.1

      See also: MySQL Documentation - Building with secure connection support

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                georg Georg Richter
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: