Details

      Description

      Support for TLS protocols may well be there, but it is not documented; if present, it has no options to control it.

      Currently MariaDB claims to support SSLv3. We would like to move away from SSLv3 due to the POODLE vulnerability.

      In testing, MariaDB client/server currently cannot connect using any of the TLS protocols. Testing was performed on MariaDB 5.5.32-1 on CentOS 6.x x86_64, compiled against OpenSSL.

      We used the technique of trying ciphers that are not supported in SSLv2 or SSLv3, which leaves the TLS 1.x ciphers - http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/ . All connections failed with "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)".

      Ideally, MariaDB should have...

      • a configuration value to disable SSLv2/v3
      • a clear statement of which TLS protocol variants are known to work (perhaps qualified by SSL library used – with yaSSL, with OpenSSL...)

      thank you!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                martin.langhoff Martin Langhoff
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: