Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
10.1.33
Description
This is related to the following upstream bug:
https://bugs.mysql.com/bug.php?id=91415
RFC 5746 added "secure renegotiation" to SSL/TLS to fix a flaw in the original renegotiation protocol.
https://tools.ietf.org/html/rfc5746
It does not appear that MariaDB supports this "secure renegotiation" extension.
How to repeat:
Install MariaDB 10.1.33 and configure it to use SSL.
Download mariadb-java-client-2.2.2.jar.
Build and run the Java test program that I will attach to this bug report. e.g.:
export CLASSPATH="/home/ec2-user/mariadb-java-client-2.2.2.jar:."
javac ./TestSslConnect.java
java -Djavax.net.debug=ssl,handshake TestSslConnect | grep renegotiation
You should see output similar to the following:
[ec2-user@ip-172-30-0-249 ~]$ java -Djavax.net.debug=ssl,handshake TestSslConnect | grep renegotiation
Allow unsafe renegotiation: false
Is secure renegotiation: false
Allow unsafe renegotiation: false
Is secure renegotiation: false
Extension renegotiation_info, renegotiated_connection: <empty>