Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36981

MariaDB built against OpenSSL 1.1.1 cannot configure both TLSv1.3 and TLSv1.2 ciphers at the same time

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Won't Fix
    • 10.6, 10.11, 11.4, 10.5(EOL)
    • 10.6.23
    • SSL
    • None
    • RHEL 8, Rocky 8, AlmaLinux 8
    • Unexpected results

    Description

      The work carried out in MDEV-34869 fixed the issue for MariaDB builds using OpenSSL 3.0 but not for builds using OpenSSL 1.1.1. Even though OpenSSL 1.1.1 is EoL, Red Hat continue to provide security backports and will do until 2029.

      The comments in pull 3500 mentions that the OpenSSL function SSL_CTX_set_ciphersuites() doesn't set TLSv1.3 ciphers properly. Is there a way around this? Perhaps use the alternate function SSL_set_ciphersuites()?

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34869 ssl-cipher server system variable cannot configure both TLSv1.3 and TLSv1.2 ciphers at the same time

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link related OpenSSL bug

          Activity

            People

              Unassigned Unassigned
              Ali.maria Alasdair Haswell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.