[MDEV-19278] TLS cipher is not negotiated correctly in REQUIRE CIPHER - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.3.14
Fix Version/s: N/A
Component/s: Authentication and Privilege System, Documentation, SSL
Labels:
None
Environment:
RHEL/CentOS 7.6.1810

Description

When you use a cipher string in create/alter user with REQUIRE like described here
https://mariadb.com/kb/en/library/create-user/ and here
https://mariadb.com/kb/en/library/securing-connections-for-client-and-server/
this doesn't resolve on connect. So if you use REQUIRE CIPHER 'TLSv1.2' for instance and then you connect through an application with a "real cipher" MariaDB throws an error expecting the string which is written in REQUIRE CIPHER and not an actual cipher. This cannot be correct behavior.
The cipher used is a cipher out of TLSv1.2 of course. The end is you cannot authenticate and use the connection then.

[Note] X509 ciphers mismatch: should be 'TLSv1.2' but is 'DHE-RSA-AES256-GCM-SHA384'

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

odbc-test-ciphers.php
6 kB
2021-09-27 16:42
openssl-1.0.2k.html
27 kB
2021-09-14 17:35
openssl-1.1.1f.html
16 kB
2021-09-14 17:35

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Thomas

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-04-18 06:51

Updated:: 2022-01-08 14:48

Resolved:: 2022-01-08 14:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.