Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22221

Official binary compiled with WolfSSL doesn't support TLS 1.3 and AES-GCM cipher

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.4.12
    • 10.4.21, 10.5.12, 10.6.4
    • SSL
    • None
    • Tested on:
      Windows 10 1809 17763.1131 Official 10.4.12 MSI installer
      Fedora 31 in Docker on Debian 10 Linux 4.19.0 Official 10.4.12 Binary tarball
      (wolfSSL Version 4.3.0)

    Description

      Config 1:

      ssl_cert=/etc/mysql/ssl/db.crt
      		 
      ssl_key=/etc/mysql/ssl/db.key
      		 
      tls_version=TLSv1.3

      OpenSSL 1.1.1 s_client test:

      openssl s_client -connect 127.0.0.1:3306 -status -tlsextdebug -starttls mysql < /dev/null 2>&1
      		 
      CONNECTED(00000003)
      		 
      140674569278592:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:

      mysql client test:

      /usr/local/mysql/bin/mysql -h 127.0.0.1 -u root --ssl-ca=/etc/ssl/certs/ca-bundle.crt
      		 
      ERROR 2026 (HY000): SSL connection error: A packet with illegal or unsupported version was received.

      (Always fail if only TLS 1.3 is enabled)

      Config 2

      ssl_cert=/etc/mysql/ssl/db.crt
      		 
      ssl_key=/etc/mysql/ssl/db.key
      		 
      tls_version=TLSv1.2
      		 
      ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384

      mysqld error log

      2020-04-11 15:03:03 0 [Warning] Failed to setup SSL
      		 
      2020-04-11 15:03:03 0 [Warning] SSL error: Failed to set ciphers to use

      While all these configs work perfectly for Official DEB package compiled with OpenSSL 1.1.1

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-25799 tls_version=TLSv1.3 does not work with WolfSSL based server builds

          • Major - Major loss of function.
          • Closed
          links to

          Web Link github pr 1501 - WIP

          Activity

            People

              wlad Vladislav Vaintroub
              brentybh Bohan Yang
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.