Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19542

Disable SSLv3 and TLSv1.0

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 10.4.6
    • Component/s: SSL
    • Labels:
      None

      Description

      The latest PCI DSS Requirements recommend only using TLSv1.1 and above.

      MariaDB does not follow these recommendations. It looks like MariaDB can still use SSLv3 and TLSv1.0 if the server is linked with yaSSL, and MariaDB still use TLSv1.0 if the server is linked with OpenSSL.

      Should we disable support for SSLv3 and TLSv1.0?

      yaSSL only supports up to TLSv1.1, so we would probably need to replace yaSSL before we can do this. See MDEV-18531 about that.

      If we make this change, then we should also update the documentation:

      https://mariadb.com/kb/en/library/secure-connections-overview/#tls-protocol-version-support

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: