Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-3665

Provide more feedback on TLS cipher mismatch

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: 2.5.20, 6.2.4, 22.08.0
    • Component/s: Core
    • Labels:
      None
    • Sprint:
      MXS-SPRINT-152

      Description

      When getting a TLS "no matching cipher" error it would be nice to get log information about the set of ciphers offered by the clients and those supported by the maxscale instance, to make it more easy to figure out the problem on the Maxscale side.

      This would help in case of TLS connection problems without revealing any sensitive information to a potential client side attacker, as such an attacker could just try out ciphers one by one anyway, while a legitimate client running into this problem may have a harder time figuring out what to do (e.g. may only be able to figure out what ciphers the client application / connector actually offered by capturing TCP traffic ...)

        Attachments

          Activity

            People

            Assignee:
            markus makela markus makela
            Reporter:
            hholzgra Hartmut Holzgraefe
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.