Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25798

Windows SChannel clients fail to connect to OpenSSL servers with "No cipher match"

    XMLWordPrintable

    Details

      Description

      This was originally reported as part of MDEV-25701 and now split out into a separate ticket.

      When trying to connect from the Windows command line client to an OpenSSL based server the connection attempt fails with:

      C:\Users\User\Desktop>mysql -u secure -psecret -h 192.168.23.15 --ssl --ssl-ca=\ssl\ca-cert.pem --ssl-cert=\ssl\client-cert.pem --ssl-key=\ssl\client-key.pem
      ERROR 2026 (HY000): SSL connection error: no cipher match. Error 0x80090331(SEC_E_ALGORITHM_MISMATCH)
      

      So far I could only reproduce this with two-way TLS, but there is at least one user report about getting the same error with one-way TLS with no explicit client certificate.

      My test setup:

      • Windows10 with MariaDB 10.5.10 installed from 64bit MSI package
      • Linux Server running Ubuntu 20.04 "focal", and mysql-server package installed from our own package repositories, so using OpenSSL
      • certificate files taken from our test suite (cacert, server-cert, client-cert from mysql-test/std-data directory)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated: