[MDEV-12193] Discontinue support of unsecure and unsupported OpenSSL versions (< 1.0.1) Created: 2017-03-07  Updated: 2017-06-22  Resolved: 2017-06-22

Status: Closed
Project: MariaDB Server
Component/s: SSL
Fix Version/s: 10.1.25, 10.2.7

Type: Task Priority: Major
Reporter: Georg Richter Assignee: Sergei Golubchik
Resolution: Fixed Votes: 1
Labels: None

Issue Links:
Blocks
blocks MDEV-10332 Server 10.2: Add support for OpenSSL 1.1 Closed
Relates
relates to MDEV-11542 Pointer being freed was not allocated... Closed

 Description   

Currently MariaDB server supports OpenSSL versions 0.9, 1.0, 1.0.1, 1.0.2 (and 1.1 when MDEV-10332 is finished).

  • OpenSSL versions 0.9.8 and 1.0 EOLed in 2015
  • OpenSSL 1.0.1 EOLed in 2016
  • Both versions will not get security updates/fixes anymore
  • All major distros which still support 0.9 or 1.0 didn't fix any CVE during the last 12 months
  • OpenSSL 0.9 doesn't support TLS 1.1 and TLS 1.2
  • mtr tests fail due to lack of ciphers
  • mtr tests fail if server and client don't use the same OpenSSL version (0.9 or 1.0)

Suggestion:

Stop cmake build if OpenSSL version number is < 1.0.1

See also: MySQL Documentation - Building with secure connection support



 Comments   
Comment by Sergei Golubchik [ 2017-05-16 ]

It looks like labrador is the only builder in buildbot that still compiles MariaDB with OpenSSL < 0.9.8.
We can easily switch it to use yassl, and we don't release labrador binaries anyway.
