Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2762

Add support for TLSv1.3 when built with OpenSSL 1.1.1 and later

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.3.13, 2.4.2
    • 2.3.15
    • Core
    • None

    Description

      OpenSSL 1.1.1 and later supports TLSv1.3. See here:

      https://wiki.openssl.org/index.php/TLS1.3

      This version of OpenSSL and its support for TLSv1.3 are included in RHEL 8 and Ubuntu 18.04. See here:

      https://www.redhat.com/en/blog/transport-layer-security-version-13-red-hat-enterprise-linux-8

      https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386

      Based on the documentation and the source code, it appears that MaxScale only supports up to TLSv1.2 at the moment:

      https://mariadb.com/kb/en/mariadb-maxscale-24-mariadb-maxscale-configuration-guide/#ssl_version

      https://github.com/mariadb-corporation/MaxScale/blob/maxscale-2.4.3/server/core/ssl.cc#L41

      We should make sure that MaxScale supports TLSv1.3 when it is built with OpenSSL 1.1.1 or later.

      Attachments

        Issue Links

          Activity

            People

              markus makela markus makela
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.