Details
New Feature
Status: Closed
Minor
Resolution: Cannot Reproduce
MXS-SPRINT-152
Description
When getting a TLS "no matching cipher" error it would be nice to get log information about the set of ciphers offered by the client and those supported by the MaxScale instance, to make it easier to figure out the problem on the MaxScale side.
This would help in case of TLS connection problems without revealing any sensitive information to a potential client side attacker, as such an attacker could just try out ciphers one by one anyway, while a legitimate client running into this problem may have a harder time figuring out what to do (e.g. may only be able to figure out what ciphers the client application / connector actually offered by capturing TCP traffic ...)
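The comparison the request asks to have logged can be sketched offline. The following is an added example, not MaxScale code: it parses the cipher suite list out of a captured ClientHello record and reports the overlap with a server-side list. The function names, the sample server list and the constructed ClientHello are all assumptions made for illustration.

```python
import struct

# Names for the IDs used below (IANA TLS Cipher Suites registry); others print as hex.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV: a signalling value, not a cipher

def offered_cipher_suites(record: bytes) -> list:
    """Return the cipher suite IDs listed in one unfragmented ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) < hs_len or hs_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + hello[pos]             # skip session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated before cipher_suites")
    n = struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    if n % 2 or pos + n > len(hello):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", hello, pos + i)[0] for i in range(0, n, 2)]

def cipher_mismatch_report(record: bytes, server_suites: list) -> dict:
    """Name what the client offered, what the server allows, and the overlap."""
    name = lambda s: SUITE_NAMES.get(s, f"0x{s:04X}")
    offered = [s for s in offered_cipher_suites(record) if s != SCSV]
    return {
        "offered": [name(s) for s in offered],
        "supported": [name(s) for s in server_suites],
        "common": [name(s) for s in offered if s in server_suites],
    }

def build_sample_client_hello(suites: list) -> bytes:
    """Constructed ClientHello (zero random, no session id, no extensions)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    hello = build_sample_client_hello([0x002F, 0x000A, SCSV])   # legacy-only client
    print(cipher_mismatch_report(hello, [0x1301, 0xC02F, 0xC030]))
```

An empty `common` list is the "no matching cipher" condition; the `offered` and `supported` lists are the two sets the request asks to see in the log.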