Support for TLS protocols may well be there, but it is not documented; if present, it has no options to control it.
Currently MariaDB claims to support SSLv3. We would like to move away from SSLv3 due to the POODLE vulnerability.
In testing, MariaDB client/server currently cannot connect using any of the TLS protocols. Testing was performed on MariaDB 5.5.32-1 on CentOS 6.x x86_64, compiled against OpenSSL.
We used the technique of trying ciphers that are not supported in SSLv2 or SSLv3, which leaves the TLS 1.x ciphers (see http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/). All connections failed with "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)".
Ideally, MariaDB should have...
- a configuration value to disable SSLv2/v3
- a clear statement of which TLS protocol variants are known to work (perhaps qualified by SSL library used – with yaSSL, with OpenSSL...)
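
The cipher-based test described above, as an added example that is not part of the original report: it keeps the suites that `openssl ciphers -v` labels TLSv1.2, offers only those through the client's `--ssl-cipher` option, and reads back the `Ssl_version` status variable. The sample cipher lines are constructed, and the host, user and CA-path arguments (with credentials taken from `~/.my.cnf`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original report.
# Constructed sample of `openssl ciphers -v` output; real output varies by build.
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA256       TLSv1.2 Kx=DH   Au=RSA Enc=AES(128)    Mac=SHA256
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
RC4-MD5                     SSLv3   Kx=RSA  Au=RSA Enc=RC4(128)    Mac=MD5
AES128-GCM-SHA256           TLSv1.2 Kx=RSA  Au=RSA Enc=AESGCM(128) Mac=AEAD
EOF
}

# Suites labelled SSLv3 are shared with TLS 1.0/1.1, so only the TLSv1.2 label
# proves the handshake left SSLv3. Join those suite names with ":".
tls12_only_ciphers() {
    awk '$2 == "TLSv1.2" { printf "%s%s", sep, $1; sep = ":" } END { print "" }'
}

# Classify the value of the Ssl_version status variable.
# An empty value means the session is not encrypted at all.
classify_ssl_version() {
    case "$1" in
        TLSv1*)      echo "ok" ;;
        SSLv2|SSLv3) echo "legacy" ;;
        "")          echo "plaintext" ;;
        *)           echo "unknown" ;;
    esac
}

# Probe a server you administer. host, user and ca are hypothetical parameters;
# credentials are assumed to come from ~/.my.cnf.
probe() {
    host=$1 user=$2 ca=$3
    ciphers=$(openssl ciphers -v 'ALL' | tls12_only_ciphers)
    out=$(mysql -h "$host" -u "$user" --ssl-ca="$ca" --ssl-cipher="$ciphers" \
          -N -B -e "SHOW STATUS LIKE 'Ssl_version'") || {
        echo "$host: handshake failed with TLSv1.2-only ciphers"; return 1; }
    ver=$(printf '%s\n' "$out" | awk '{ print $2 }')
    echo "$host: $(classify_ssl_version "$ver") ($ver)"
}

# With three arguments, probe the server; otherwise show the filter on the sample.
if [ $# -eq 3 ]; then
    probe "$@"
else
    sample_ciphers | tls12_only_ciphers
fi
```

A failed handshake here means the server could not negotiate any TLSv1.2-only suite; it does not by itself show whether TLS 1.0 or 1.1 is available, because those versions share their suites with SSLv3.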