Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26092

Remove weak ciphers (WolfSSL)

    XMLWordPrintable

Details

    Description

      While implementing MDEV-26049 I noticed that WolfSSL supports weak cipher suites which should be disabled.

      Using a 10.2 command line client (yassl):

      $ ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-MD5 -e"show status like 'ssl_cipher'\G"
      		 
      *************************** 1. row ***************************
      		 
      Variable_name: Ssl_cipher
      		 
              Value: RC4-MD5
      		 
      $  ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-SHA -e"show status like 'ssl_cipher'\G"
      		 
      *************************** 1. row ***************************
      		 
      Variable_name: Ssl_cipher
      		 
              Value: RC4-SHA

      RC4 is vulnerable and should be removed. See also https://www.rc4nomore.com/

      Attachments

        Activity

          People

            wlad Vladislav Vaintroub
            georg Georg Richter
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.