Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-3665

Provide more feedback on TLS cipher mismatch

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Cannot Reproduce
    • None
    • 2.5.20, 6.2.4, 22.08.0
    • Core
    • None
    • MXS-SPRINT-152

    Description

      When getting a TLS "no matching cipher" error it would be nice to get log information about the set of ciphers offered by the clients and those supported by the maxscale instance, to make it more easy to figure out the problem on the Maxscale side.

      This would help in case of TLS connection problems without revealing any sensitive information to a potential client side attacker, as such an attacker could just try out ciphers one by one anyway, while a legitimate client running into this problem may have a harder time figuring out what to do (e.g. may only be able to figure out what ciphers the client application / connector actually offered by capturing TCP traffic ...)

      Attachments

        Activity

          People

            markus makela markus makela
            hholzgra Hartmut Holzgraefe
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.