Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 10.3.14
- None
- RHEL/CentOS 7.6.1810
Description
When you use a cipher string in create/alter user with REQUIRE as described here
https://mariadb.com/kb/en/library/create-user/ and here
https://mariadb.com/kb/en/library/securing-connections-for-client-and-server/
this doesn't resolve on connect. So if you use REQUIRE CIPHER 'TLSv1.2', for instance, and then you connect through an application with a "real cipher", MariaDB throws an error expecting the string which is written in REQUIRE CIPHER and not an actual cipher. This cannot be correct behavior.
The cipher used is a cipher out of TLSv1.2, of course. The end result is that you cannot authenticate and use the connection.
[Note] X509 ciphers mismatch: should be 'TLSv1.2' but is 'DHE-RSA-AES256-GCM-SHA384'
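
Added example, not part of the original report: the log line above shows the server comparing the REQUIRE CIPHER string literally with the negotiated cipher name, so this sketch sets the requirement both ways and shows where to read each side of that comparison. The account name app_user and its password are hypothetical.

```sql
-- Hypothetical account, for illustration only.
-- As in the report: 'TLSv1.2' is a protocol version, and the server compares
-- this string with the negotiated cipher name, so the login is rejected with
-- "X509 ciphers mismatch".
CREATE USER 'app_user'@'%' IDENTIFIED BY 'change-me'
  REQUIRE CIPHER 'TLSv1.2';

-- The value the comparison expects is the cipher name itself,
-- here the one the log line reports as negotiated.
ALTER USER 'app_user'@'%'
  REQUIRE CIPHER 'DHE-RSA-AES256-GCM-SHA384';

-- What the account requires; ssl_type is 'SPECIFIED' when a cipher is set.
SELECT user, host, ssl_type,
       CONVERT(ssl_cipher USING utf8) AS required_cipher
FROM mysql.user
WHERE user = 'app_user';

-- Run from a connected TLS session: protocol version and cipher actually
-- negotiated, i.e. the value the server compares against required_cipher.
SHOW SESSION STATUS
WHERE Variable_name IN ('Ssl_version', 'Ssl_cipher');
```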