[MDEV-19100] [Feature] Issue#53 Support TLSv1.2 SSL Protocol Created: 2019-03-31  Updated: 2019-04-01  Resolved: 2019-04-01

Status: Closed
Project: MariaDB Server
Component/s: Compiling, SSL
Fix Version/s: N/A

Type: Task Priority: Major
Reporter: Anel Husakovic Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: None

Epic Link: AliSQL patches

 Description    

Description
 
===========
 
Bundled openSSL (openssl-1.0.1u) source codes to compile statically instead of yaSSL,
 
then MySQL server can support TLSv1.2 SSL protocol.
 
For the compatibility, we supply new parameter '--tls-version' to control how to decide the
 
supportable TLS version.
 
If compiled with openSSL, then tls-version default value 'TLSv1, TLSv1.1, TLSv1.2'
 
If compiled with yaSSL, then tls-version default value 'TLSv1, TLSv1.1'
 
Also the added cmake option: DWITH_SSL=openssl means that openssl was built statically.
 
 
 
Compatibility
 
=============
 
The TLS Protocol version matrix:
 
-----------------------------------------------------------------------
 
                    Pre_Server   Post_yaSSL_Server  Post_openSSL_Server
 
Pre_Client          TLSv1.0      TLSv1.0            TLSv1.0
 
Post_yaSSL_Client   TLSv1.0      TLSv1.1            TLSv1.1
 
Post_openSSL_Client TLSv1.0      TLSv1.1            TLSv1.2
 
-----------------------------------------------------------------------

https://github.com/alibaba/AliSQL/commit/a6cc59f86386b444c7f6025458509964c75fb09a

 Comments   
Comment by Sergei Golubchik [ 2019-04-01 ]

No, we cannot bundle OpenSSL for legal reasons

Generated at Thu Feb 08 08:49:03 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.