Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2762

Add support for TLSv1.3 when built with OpenSSL 1.1.1 and later

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.2, 2.3.13
    • Fix Version/s: 2.3.15
    • Component/s: Core
    • Labels:
      None

      Description

      OpenSSL 1.1.1 and later supports TLSv1.3. See here:

      https://wiki.openssl.org/index.php/TLS1.3

      This version of OpenSSL and its support for TLSv1.3 are included in RHEL 8 and Ubuntu 18.04. See here:

      https://www.redhat.com/en/blog/transport-layer-security-version-13-red-hat-enterprise-linux-8

      https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386

      Based on the documentation and the source code, it appears that MaxScale only supports up to TLSv1.2 at the moment:

      https://mariadb.com/kb/en/mariadb-maxscale-24-mariadb-maxscale-configuration-guide/#ssl_version

      https://github.com/mariadb-corporation/MaxScale/blob/maxscale-2.4.3/server/core/ssl.cc#L41

      We should make sure that MaxScale supports TLSv1.3 when it is built with OpenSSL 1.1.1 or later.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              markus makela markus makela
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration