Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.0.8
-
None
Description
I am not sure if this is a MariaDB Connector/ODBC bug, or if this is a MariaDB Connector/C bug.
I am trying to set SSLCIPHER on Windows, but almost any value that I use results in the following error:
SSL connection error: no cipher match
|
For example, if I use a Linux client, and if I specify --ssl-cipher='AES256-GCM-SHA384', then the proper cipher is used:
$ mysql -u maxscale -ppassword --ssl-cipher='AES256-GCM-SHA384' -h 172.30.0.249
|
Welcome to the MariaDB monitor. Commands end with ; or \g.
|
Your MariaDB connection id is 37
|
Server version: 10.1.38-MariaDB MariaDB Server
|
|
|
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
|
|
|
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
|
|
|
MariaDB [(none)]> SHOW SESSION STATUS LIKE 'Ssl_cipher';
|
+---------------+-------------------+
|
| Variable_name | Value |
|
+---------------+-------------------+
|
| Ssl_cipher | AES256-GCM-SHA384 |
|
+---------------+-------------------+
|
1 row in set (0.00 sec)
|
MariaDB Connector/C seems to support OpenSSL's cipher names even when it is linked against Schannel, since it maintains a cipher map here:
And it checks the map here:
And I see that AES256-GCM-SHA384 is listed in the cipher map:
However, if I set SSLCIPHER to AES256-GCM-SHA384, then I get the "no cipher match" error.
I see that the Schannel name for this cipher is TLS_RSA_WITH_AES_256_GCM_SHA384:
https://docs.microsoft.com/en-us/windows/desktop/secauthn/tls-cipher-suites-in-windows-10-v1809
If I set SSLCIPHER to TLS_RSA_WITH_AES_256_GCM_SHA384, then I also get the "no cipher match" error.
The only values that seem to work in SSLCIPHER so far are the special protocol values, like "TLSv1.0", "TLSv1.2", etc.
