  1. MariaDB Server
  2. MDEV-26092

Remove weak ciphers (WolfSSL)

    Details

      Description

      While implementing MDEV-26049 I noticed that WolfSSL supports weak cipher suites which should be disabled.

      Using a 10.2 command line client (yassl):

      $ ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-MD5 -e"show status like 'ssl_cipher'\G"
      *************************** 1. row ***************************
      Variable_name: Ssl_cipher
              Value: RC4-MD5
      $  ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-SHA -e"show status like 'ssl_cipher'\G"
      *************************** 1. row ***************************
      Variable_name: Ssl_cipher
              Value: RC4-SHA
      

      RC4 is vulnerable and should be removed. See also https://www.rc4nomore.com/
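
The check from the description, turned into a repeatable audit that can be re-run after the fix. This is an added example, not part of the original report or MariaDB's code. `MYSQL_CLIENT`, `AUDIT_HOST` and `AUDIT_PORT` are hypothetical variable names, and the weak-suite patterns other than RC4 are assumptions added here.

```shell
#!/bin/sh
# Added example: re-run the report's check for each weak suite and flag any
# the server still negotiates. MYSQL_CLIENT, AUDIT_HOST and AUDIT_PORT are
# hypothetical variable names; the client path is the one used in the report.
MYSQL_CLIENT="${MYSQL_CLIENT:-./client/mysql}"

# Read `show status like 'ssl_cipher'\G` output on stdin, print the Value field.
negotiated_cipher() {
    awk '$1 == "Value:" { print $2; exit }'
}

# Succeed when the suite name contains a weak primitive. RC4 comes from the
# report; MD5, NULL, export-grade and single DES are assumptions added here.
is_weak_cipher() {
    case "$1" in
        *RC4*|*MD5*|*NULL*|*EXP*|*DES-CBC-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Offer exactly one suite; print what was negotiated (empty if the handshake failed).
probe_cipher() {
    "$MYSQL_CLIENT" -uroot -h"$1" -P"$2" --ssl-cipher="$3" \
        -e "show status like 'ssl_cipher'\G" 2>/dev/null | negotiated_cipher
}

# Probe every listed suite; return non-zero if any weak one was accepted.
# The client must itself support each suite (the report used a 10.2 yassl
# client), otherwise a refusal says nothing about the server.
audit_server() {
    host=$1; port=$2; shift 2
    failures=0
    for suite in "$@"; do
        got=$(probe_cipher "$host" "$port" "$suite")
        if [ -n "$got" ] && is_weak_cipher "$got"; then
            echo "FAIL: server negotiated $got"
            failures=$((failures + 1))
        else
            echo "ok:   $suite not negotiated"
        fi
    done
    [ "$failures" -eq 0 ]
}

# Runs only when a target is named, e.g. AUDIT_HOST=127.0.0.1 AUDIT_PORT=16000
if [ -n "${AUDIT_HOST:-}" ]; then
    audit_server "$AUDIT_HOST" "${AUDIT_PORT:-3306}" RC4-MD5 RC4-SHA
fi
```

The non-zero exit status on any accepted weak suite makes the script usable as a regression gate in a test run.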

            People

            Assignee:
            wlad Vladislav Vaintroub
            Reporter:
            georg Georg Richter