Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
None
-
None
Description
I've set up two machines, one named "openssl" with MariaDB installed from our own Ubuntu package repository, so built against OpenSSL, and one named "wolfssl" with MariaDB installed from our generic Linux binary tarball, so built against WolfSSL
Both servers are set up for SSL/TLS, and are configured to enforce TLSv1.3 with
tls_version=TLSv1.3
|
The mysql command line client is able to connect to the OpenSSL based MariaDB server using encryption from both machines just fine.
Neither client can connect to the WolfSSL based server though.
The client using OpenSSL reports:
vagrant@openssl:~$ mysql -u x509 -psecret -h wolfssl --ssl
|
ERROR 2026 (HY000): SSL connection error: wrong version number
|
And the WolfSSL based client basically reports the same, just with different wording:
vagrant@wolfssl:~$ mysql -u x509 -psecret -h wolfssl --ssl
|
ERROR 2026 (HY000): SSL connection error: A packet with illegal or unsupported version was received.
|
When removing the
tls_version=TLSv1.3
|
line from the configuration file, and restarting the MariaDB server using WolfSSL, encrypted connections are possible, but only use TLSv1.2
When connecting from the WolfSSL based client to the OpenSSL based server, both agree on using TSLv1.3 as the highest mutually supported version though.
Attachments
Issue Links
- duplicates
-
MDEV-22221 Official binary compiled with WolfSSL doesn't support TLS 1.3 and AES-GCM cipher
- Closed
- relates to
-
MDEV-25701 Two-way TLS does not work with WolfSSL and version1 certificates
- Confirmed