  1. MariaDB Server
  2. MDEV-22221

Official binary compiled with WolfSSL doesn't support TLS 1.3 and AES-GCM cipher


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.4.12
    • Fix Version/s: 10.4.21, 10.5.12, 10.6.4
    • Component/s: SSL
    • Labels: None
    • Environment: Tested on:
      Windows 10 1809 17763.1131 Official 10.4.12 MSI installer
      Fedora 31 in Docker on Debian 10 Linux 4.19.0 Official 10.4.12 Binary tarball
      (wolfSSL Version 4.3.0)

    Description

      Config 1:

      ssl_cert=/etc/mysql/ssl/db.crt
      ssl_key=/etc/mysql/ssl/db.key
      tls_version=TLSv1.3
      

      OpenSSL 1.1.1 s_client test:

      openssl s_client -connect 127.0.0.1:3306 -status -tlsextdebug -starttls mysql < /dev/null 2>&1
      CONNECTED(00000003)
      140674569278592:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
      

      mysql client test:

      /usr/local/mysql/bin/mysql -h 127.0.0.1 -u root --ssl-ca=/etc/ssl/certs/ca-bundle.crt
      ERROR 2026 (HY000): SSL connection error: A packet with illegal or unsupported version was received.
      

      (Always fails if only TLS 1.3 is enabled)


      Config 2:

      ssl_cert=/etc/mysql/ssl/db.crt
      ssl_key=/etc/mysql/ssl/db.key
      tls_version=TLSv1.2
      ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384
      

      mysqld error log

      2020-04-11 15:03:03 0 [Warning] Failed to setup SSL
      2020-04-11 15:03:03 0 [Warning] SSL error: Failed to set ciphers to use
      


      However, all these configs work perfectly with the official DEB package compiled with OpenSSL 1.1.1.
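
The two checks from the description (a TLS 1.3-only handshake, and a TLS 1.2 handshake pinned to ECDHE-RSA-AES256-GCM-SHA384) can be repeated against any build with the probe below. It is an added example, not part of the original report or of MariaDB's code, and it performs the same MySQL-protocol TLS upgrade that `openssl s_client -starttls mysql` does. Assumptions: the server listens on 127.0.0.1:3306 as in the report, the function names are illustrative, and certificate verification is disabled because the probe sends no credentials.

```python
import socket, ssl, struct

CLIENT_PROTOCOL_41, CLIENT_SSL, CLIENT_SECURE_CONNECTION = 0x0200, 0x0800, 0x8000

def server_offers_tls(greeting: bytes) -> bool:
    """True if a HandshakeV10 packet (4-byte header included) sets CLIENT_SSL."""
    payload = greeting[4:]
    if payload[:1] != b"\x0a":
        raise ValueError("not a HandshakeV10 greeting (ERR packet or old protocol)")
    # skip version string + NUL, thread id (4), auth data part 1 (8), filler (1)
    off = payload.index(b"\x00", 1) + 1 + 4 + 8 + 1
    return bool(struct.unpack_from("<H", payload, off)[0] & CLIENT_SSL)

def ssl_request(charset: int = 45) -> bytes:
    """SSLRequest packet: capabilities, max packet size, charset, 23 zero bytes."""
    caps = CLIENT_PROTOCOL_41 | CLIENT_SSL | CLIENT_SECURE_CONNECTION
    payload = struct.pack("<IIB23x", caps, 1 << 24, charset)
    return len(payload).to_bytes(3, "little") + b"\x01" + payload   # sequence id 1

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def probe(host: str, port: int, version: ssl.TLSVersion, ciphers: str = "") -> str:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                 # diagnostic probe only: no credentials
    ctx.verify_mode = ssl.CERT_NONE            # or data are sent over this session
    ctx.minimum_version = ctx.maximum_version = version
    if ciphers:
        ctx.set_ciphers(ciphers)               # applies to TLS 1.2 and older suites
    with socket.create_connection((host, port), timeout=5) as raw:
        header = recv_exact(raw, 4)
        greeting = header + recv_exact(raw, int.from_bytes(header[:3], "little"))
        if not server_offers_tls(greeting):
            return "server does not advertise CLIENT_SSL"
        raw.sendall(ssl_request())
        try:
            with ctx.wrap_socket(raw) as tls:
                return f"negotiated {tls.version()} {tls.cipher()[0]}"
        except (ssl.SSLError, OSError) as exc:
            return f"handshake failed: {exc}"

if __name__ == "__main__":
    print(probe("127.0.0.1", 3306, ssl.TLSVersion.TLSv1_3))
    print(probe("127.0.0.1", 3306, ssl.TLSVersion.TLSv1_2, "ECDHE-RSA-AES256-GCM-SHA384"))
```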


            People

              Assignee: wlad Vladislav Vaintroub
              Reporter: brentybh Bohan Yang