[MDEV-15987] TLSv1.1 not working
Created: 2018-04-23  Updated: 2018-10-04  Resolved: 2018-10-04

Status: Closed
Project: MariaDB Server
Component/s: SSL
Affects Version/s: 10.0.29, 10.1.31
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Sander Hoentjen
Assignee: Unassigned
Resolution: Not a Bug
Votes: 0
Labels: None
Environment: CloudLinux 6, OpenSSL 1.0.1e-fips 11 Feb 2013

Description

On my versions of MariaDB, turning on TLSv1.1 doesn't work.
I can use:

ssl_cipher = TLSv1.2

Now TLS works fine, with version 1.2.
I can also use:

ssl_cipher = TLSv1.1,TLSv1.2

But now still only TLS 1.2 works.
If I use:

ssl_cipher = TLSv1.1

Then TLS stops working, and SHOW VARIABLES LIKE '%ssl%'; gives:

+---------------------+----------------------------------------------------+
| Variable_name       | Value                                              |
+---------------------+----------------------------------------------------+
| have_openssl        | YES                                                |
| have_ssl            | DISABLED                                           |
| ssl_ca              |                                                    |
| ssl_capath          |                                                    |
| ssl_cert            | /etc/pki/tls/certs/webhostingserver.nl.fullchain   |
| ssl_cipher          | TLSv1.1,TLSv1.3                                    |
| ssl_crl             |                                                    |
| ssl_crlpath         |                                                    |
| ssl_key             | /etc/pki/tls/private/webhostingserver.nl.mysql.key |
| version_ssl_library | OpenSSL 1.0.1e-fips 11 Feb 2013                    |
+---------------------+----------------------------------------------------+



Comments
Comment by Sergei Golubchik [ 2018-04-25 ]

This might be caused by FIPS. See https://wiki.openssl.org/index.php/FIPS_mode_and_TLS

Comment by Elena Stepanova [ 2018-09-04 ]

Do we still need to keep it open? It doesn't look like something is to be done on MariaDB side – or is it?

Comment by Elena Stepanova [ 2018-10-04 ]

Feel free to re-open (or to comment with a request to re-open) if there is still something to be done on MariaDB side.
