[MDEV-12193] Discontinue support of unsecure and unsupported OpenSSL versions (< 1.0.1) - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 10.1.25, 10.2.7
Component/s: SSL
Labels:
None

Description

Currently MariaDB server supports OpenSSL versions 0.9, 1.0, 1.0.1, 1..0.2 (and 1.1 when ~~MDEV-10332~~ is finished)

OpenSSL version 0.9.8 and 1.0 eoled in 2015
OpenSSL 1.0.1 eoled in 2016
Both versions will not get security updates/fixes anymore
All major distros which still support 0.9 or 1.0 didn't fix any CVE during the last 12 months
OpenSSL 0.9 doesn't support TLS 1.1 and TLS 1.2
mtr tests fail due to lack of ciphers
mtr tests fail if server and client don't use the same OpenSSL version (0.9 or 1.0)

Suggestion:

Stop cmake build if OpenSSL version number is < 1.0.1

See also: MySQL Documentation - Building with secure connection support

Attachments

Issue Links

blocks

MDEV-10332 Server 10.2: Add support for OpenSSL 1.1

Closed

relates to

MDEV-11542 Pointer being freed was not allocated, server crashes, binlog_encryption.rpl_ssl fails in buildbot on labrador

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Georg Richter

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-03-07 06:46

Updated:: 2017-06-22 10:56

Resolved:: 2017-06-22 10:55

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.