[MXS-5083] ssl_version in MaxScale and tls_version in MariaDB behave differently - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 23.08.5, 24.02.1
Fix Version/s: 21.06.16, 22.08.13, 23.02.10, 23.08.6, 24.02.2
Component/s: Core
Labels:
None

Sprint:
MXS-SPRINT-208

Description

The behavior of ssl_version has historically always meant the exact TLS version that must be used. In MaxScale 23.08.4 (~~MXS-4862~~), the interpretation of the parameter was changed to mean the minimum required version. This was done to make it possible to define a minimum TLS version that all clients must use (e.g. TLSv1.2 or newer).

The behavior of tls_version in MariaDB is different. It accepts a list of values that can be used to implement the same behavior that it has in MaxScale but it does have one key difference: with tls_version, it's possible to restrict to an exact set of protocol versions (e.g. TLSv1.1 and TLSv1.3 but not TLSv1.2). As to why anyone would want to do this remains a mystery but this is still an inconsistency between MaxScale and MariaDB.

Attachments

Activity

People

Assignee:: markus makela

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-04-24 11:13

Updated:: 2024-05-08 17:25

Resolved:: 2024-05-08 17:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.