  1. MariaDB Server
  2. MDEV-6975

Implement TLS protocol

Details

    Description

      Support for TLS protocols may well be there, but it is not documented; if present, it has no options to control it.

      Currently MariaDB claims to support SSLv3. We would like to move away from SSLv3 due to the POODLE vulnerability.

      In testing, MariaDB client/server currently cannot connect using any of the TLS protocols. Testing was performed on MariaDB 5.5.32-1 on CentOS 6.x x86_64, compiled against OpenSSL.

      We used the technique of trying ciphers that are not supported in SSLv2 or SSLv3, which leaves the TLS 1.x ciphers - http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/ . All connections failed with "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)".

      Ideally, MariaDB should have...

      • a configuration value to disable SSLv2/v3
      • a clear statement of which TLS protocol variants are known to work (perhaps qualified by SSL library used – with yaSSL, with OpenSSL...)

      Thank you!


            People

              serg Sergei Golubchik
              martin.langhoff Martin Langhoff