[MDEV-16581] MariaDB does not support SSL secure renegotiation - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Not a Bug
Affects Version/s: 10.1.33
Fix Version/s: N/A
Component/s: SSL
Labels:
- upstream

Description

This is related to the following upstream bug:

https://bugs.mysql.com/bug.php?id=91415

RFC 5746 added "secure renegotiation" to SSL/TLS to fix a flaw in the original renegotiation protocol.

https://tools.ietf.org/html/rfc5746

It does not appear that MariaDB supports this "secure renegotiation" extension.

How to repeat:

Install MariaDB 10.1.33 and configure it to use SSL.

Download mariadb-java-client-2.2.2.jar.

Build and run the Java test program that I will attach to this bug report. e.g.:

export CLASSPATH="/home/ec2-user/mariadb-java-client-2.2.2.jar:."
javac ./TestSslConnect.java
java -Djavax.net.debug=ssl,handshake TestSslConnect | grep renegotiation

You should see output similar to the following:

[ec2-user@ip-172-30-0-249 ~]$ java -Djavax.net.debug=ssl,handshake TestSslConnect | grep renegotiation
Allow unsafe renegotiation: false
Is secure renegotiation: false
Allow unsafe renegotiation: false
Is secure renegotiation: false
Extension renegotiation_info, renegotiated_connection: <empty>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

TestSslConnect.java
2 kB
2018-06-25 18:23

Issue Links

links to

MySQL bug #91415 - MySQL does not support SSL secure renegotiation

Activity

People

Assignee:: Unassigned

Reporter:: Geoff Montee (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2018-06-25 18:24

Updated:: 2020-08-25 16:45

Resolved:: 2018-07-01 13:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.