[MDEV-9703] main.openssl_6975 test fails with BoringSSL on systems with no AES hardware - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Incomplete
Affects Version/s: 10.0.24
Fix Version/s: N/A
Component/s: SSL, Tests
Labels:
None
Environment:
Linux 3.13 w/ BoringSSL https://boringssl.googlesource.com/boringssl/

Description

In BoringSSL, the order of preferred ciphers depends on whether or not the system supports hardware accelerated AES. (See: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/ssl/ssl_cipher.c#1415)

The main.openssl_6975 MariaDB test checks which cipher is negotiated, and always expects ECDHE-RSA-AES256-GCM-SHA384, which is the preferred cipher when hardware acceleration is available. When running on machines without hardware acceleration (such as, for instance, under Memory Sanitizer), the preferred cipher in BoringSSL is ECDHE-RSA-CHACHA20-POLY1305.

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: David Gow

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2016-03-09 18:29

Updated:: 2022-11-10 13:53

Resolved:: 2022-11-10 13:52

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.