[MDEV-6975] Implement TLS protocol - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 5.5.41, 10.0.15
Component/s: SSL
Labels:
None

Description

Support for TLS protocols may well be there, but it is not documented; if present, it has no options to control it.

Currently MariaDB claims to support SSLv3. We would like to move away from SSLv3 due to the POODLE vulnerability.

In testing, MariaDB client/server currently cannot connect using any of the TLS protocols. Testing was performed on MariaDB 5.5.32-1 on CentOS 6.x x86_64, compiled against OpenSSL.

We used the technique of trying ciphers that are not supported in SSLv2 or SSLv3, which leaves the TLS 1.x ciphers - http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/ . All connections failed with "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)".

Ideally, MariaDB should have...

a configuration value to disable SSLv2/v3
a clear statement of which TLS protocol variants are known to work (perhaps qualified by SSL library used – with yaSSL, with OpenSSL...)

thank you!

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mysql-tls-ver-test.c
4 kB
2014-11-19 23:35

Issue Links

duplicates

MDEV-8970 Add support for for TLSv1.1 and TLSv1.2

Closed

relates to

MDEV-7547 Include TLS tests in the test suite

Closed

MDEV-19542 Disable SSLv3 and TLSv1.0 by default

Closed

links to

MySQL Bug #75239

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Martin Langhoff

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2014-10-29 16:45

Updated:: 2020-11-02 09:42

Resolved:: 2014-11-19 08:54

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.