Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2762

Add support for TLSv1.3 when built with OpenSSL 1.1.1 and later

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.3.13, 2.4.2
    • 2.3.15
    • Core
    • None

    Description

      OpenSSL 1.1.1 and later supports TLSv1.3. See here:

      https://wiki.openssl.org/index.php/TLS1.3

      This version of OpenSSL and its support for TLSv1.3 are included in RHEL 8 and Ubuntu 18.04. See here:

      https://www.redhat.com/en/blog/transport-layer-security-version-13-red-hat-enterprise-linux-8

      https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386

      Based on the documentation and the source code, it appears that MaxScale only supports up to TLSv1.2 at the moment:

      https://mariadb.com/kb/en/mariadb-maxscale-24-mariadb-maxscale-configuration-guide/#ssl_version

      https://github.com/mariadb-corporation/MaxScale/blob/maxscale-2.4.3/server/core/ssl.cc#L41

      We should make sure that MaxScale supports TLSv1.3 when it is built with OpenSSL 1.1.1 or later.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MXS-2760 ssl_version value conversion is wrong

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              markus makela markus makela
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.