Details
- Task
- Status: Closed
- Minor
- Resolution: Won't Fix
- None
- 10.2.14
Description
By default the RFC5077 (TLS session ticket) extension is enabled in MariaDB server.
When connecting via Windows SChannel (which uses session tickets by default), the handshake sometimes fails, since the server isn't able to send a session ticket (see 2nd screenshot: instead of sending the session ticket, the server sends a 92-byte packet containing the error message "Bad handshake").
Proposal: Fix or disable session tickets in server.
How to repeat:
C:\>mysql -uuser -ppassword -hmariadbtls2.cvz6gk5op1wk.us-east-1.rds.amazonaws.com --ssl -e"select @@version_ssl_library";
+--------------------------------+
| @@version_ssl_library          |
+--------------------------------+
| OpenSSL 1.0.1k-fips 8 Jan 2015 |
+--------------------------------+

C:\>mysql -uuser -ppassword -hmariadbtls2.cvz6gk5op1wk.us-east-1.rds.amazonaws.com --ssl -e"select @@version_ssl_library";
ERROR 2026 (HY000): Unknown SSL error (0x80090308)
Issue Links
- relates to MDEV-10803 connection timeout doesn't work for SSL connections (Open)