Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-35579

With WolfSSL server does not chose best TLSv1.3 cipher offered by client

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.6.20, 11.4.4
    • 10.5.29, 10.6.22, 10.11.12, 11.4.6, 11.8.2
    • SSL
    • None
    • Generic Linux binary tarball, or Windows, Install so that WolfSSL is statically compiled in instead of using OpenSSL

    Description

      When using a MariaDB server built against a current version of OpenSSL and connect to it using the command line client from the same version, using encryption, the client and server agree on using TLS v1.3 and TLS_AES_256_GCM_SHA384 as the cipher.

      When doing the same with a generic binary tarball release, or on Windows, so that the server uses WolfSSL instead of OpenSSL TLS v1.3 and TLS13-AES128-GCM-SHA256 is used. The variant with 256bit AES and 384bit SHA is also offered by the client, but the server decides to use the "lesser" alternative.

      Attachments

        Activity

          Transition Time In Source Status Execution Times
          Vladislav Vaintroub made transition -
          Open Needs Feedback
          		4h 29m 1
          Julien Fritsch made transition -
          Needs Feedback Open
          		31d 15h 1m 1
          Vladislav Vaintroub made transition -
          Open Closed
          		31d 1h 25m 1

          People

            wlad Vladislav Vaintroub
            hholzgra Hartmut Holzgraefe
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.