[MDEV-35579] With WolfSSL server does not chose best TLSv1.3 cipher offered by client - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6.20, 11.4.4
Fix Version/s: 10.6, 10.11, 11.4
Component/s: SSL
Labels:
None
Environment:
Generic Linux binary tarball, or Windows, Install so that WolfSSL is statically compiled in instead of using OpenSSL

Description

When using a MariaDB server built against a current version of OpenSSL and connect to it using the command line client from the same version, using encryption, the client and server agree on using TLS v1.3 and TLS_AES_256_GCM_SHA384 as the cipher.

When doing the same with a generic binary tarball release, or on Windows, so that the server uses WolfSSL instead of OpenSSL TLS v1.3 and TLS13-AES128-GCM-SHA256 is used. The variant with 256bit AES and 384bit SHA is also offered by the client, but the server decides to use the "lesser" alternative.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

TLSv1.3-ClientHello.png
364 kB
2024-12-06 01:09
TLSv1.3-ServerHello.png
189 kB
2024-12-06 01:09

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Hartmut Holzgraefe

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 2025-02-06

Created:: 2024-12-05 14:57

Updated:: 3 days ago 10:28

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.