Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25798

Windows SChannel clients fail to connect to OpenSSL servers with "No cipher match"

    XMLWordPrintable

Details

    Description

      This was originally reported as part of MDEV-25701 and now split out into a separate ticket.

      When trying to connect from the Windows command line client to an OpenSSL based server the connection attempt fails with:

      C:\Users\User\Desktop>mysql -u secure -psecret -h 192.168.23.15 --ssl --ssl-ca=\ssl\ca-cert.pem --ssl-cert=\ssl\client-cert.pem --ssl-key=\ssl\client-key.pem
      ERROR 2026 (HY000): SSL connection error: no cipher match. Error 0x80090331(SEC_E_ALGORITHM_MISMATCH)
      

      So far I could only reproduce this with two-way TLS, but there is at least one user report about getting the same error with one-way TLS with no explicit client certificate.

      My test setup:

      • Windows10 with MariaDB 10.5.10 installed from 64bit MSI package
      • Linux Server running Ubuntu 20.04 "focal", and mysql-server package installed from our own package repositories, so using OpenSSL
      • certificate files taken from our test suite (cacert, server-cert, client-cert from mysql-test/std-data directory)

      Attachments

        Issue Links

          Activity

            People

              serg Sergei Golubchik
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.