odbc-test-ciphers.php
openssl-1.0.2k.html
openssl-1.1.1f.html
[MDEV-19278] TLS cipher is not negotiated correctly in REQUIRE CIPHER Created: 2019-04-18 Updated: 2022-01-08 Resolved: 2022-01-08 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System, Documentation, SSL |
| Affects Version/s: | 10.3.14 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Thomas | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Environment: |
RHEL/CentOS 7.6.1810 |
||
| Attachments: |
odbc-test-ciphers.php
openssl-1.0.2k.html
openssl-1.1.1f.html
|
| Description |
|
When you use a cipher string in create/alter user with REQUIRE like described here [Note] X509 ciphers mismatch: should be 'TLSv1.2' but is 'DHE-RSA-AES256-GCM-SHA384' |
| Comments |
| Comment by Thomas [ 2019-04-18 ] | ||||||||||||||||||||||||||||||
|
To be honest there seems to be a lot going wrong regarding TLS connections/handshakes under the hood. After doing some more investigation, e.g. this is not possible, too.
Then you can connect with a client, does not matter if command line or not. with using ssl. But you cannot connect with for instance ECDHE-RSA-AES256-GCM-SHA384, the really only cipher which is accepted is DHE-RSA-AES256-GCM-SHA384, from command line and from other cllients. Other ciphers generate handshake errors. EDIT : This is not true, you can use DHE ciphers not just the one mentioned but for instance no ECDHE ciphers at all EDIT OFF. Although the ciphers are in the cipher list.
| ||||||||||||||||||||||||||||||
| Comment by Sergei Golubchik [ 2019-04-19 ] | ||||||||||||||||||||||||||||||
|
How did you create the user that you cannot connect to, what does SHOW CREATE USER show? | ||||||||||||||||||||||||||||||
| Comment by Thomas [ 2019-04-19 ] | ||||||||||||||||||||||||||||||
|
First of all the second problem in my comment is not user dependent at all, it is a global problem. You simply cannot connect with ECDHE ciphers for instance, also as root
but also only with DHE ciphers | ||||||||||||||||||||||||||||||
| Comment by Hartmut Holzgraefe [ 2021-09-14 ] | ||||||||||||||||||||||||||||||
|
It seems to be a platform specific problem, or more precise: a SSL library version related one. When trying ECDHE-RSA-AES256-GCM-SHA384 with MariaDB 10.5 server and client both on Ubuntu 20.04 "Focal", which comes with OpenSSL 1.1.1f, it works fine with TLSv1.2 (but picks TLS_AES_256_GCM_SHA384 when requesting/enforcing TLSv1.3, which is OK according to te TLSv1.3 standard). But when trying to connect with an equally configured 10.5 installation on CentOS 7, which still uses OpenSSL 1.0.2k-fips, I'm getting ERROR 2026 (HY000): SSL connection error: sslv3 alert handshake failure So we have two problems here: 1) With OpenSSL 1.0.2k none of the ECDHE-* ciphers actually work. With OpenSSL 1.1.1f ECDHE-RSA-* ciphers work, but ECDHE-ECDSA-* and ECDHE-PSK-* ones still fail. 2) The list of ciphers reported in the Ssl_cipher_list status variable is not correct, it is not possible to connect using all of the ciphers listed there. OpenSSL seems to report the list of ciphers it has support for in general here, not the list of ciphers that will actually work with the current library version, server code, and server configuration. For my current tests I used:
For testing I invoke the client as mysql --user=... --password=... --host=... --ssl --ssl-ca=/etc/mysql/ssl/cacert.pem --tls-version=... --ssl-cipher=... iterating over all TLS versions and SSL ciphers the given server reports as supported according to the tls_version config variable and the ssl_cipher_list status variabe, retrieving those values right before performing the actual test iteration loops. The client binary used was always the one installed on Ubuntu, using OpenSSL 1.1.1f I processed the various connection results/errors and created two HTML summaries from thee, one with the Server using OpenSSL 1.1.1f, the other with the server using the older 1.0.2k. Red cells show errors, yellow cells show the server picking a different cipher, or the default one if none was given, green cells show that the cipher the client and server agreed on was the same that the client explicitly requested. | ||||||||||||||||||||||||||||||
| Comment by Hartmut Holzgraefe [ 2021-09-14 ] | ||||||||||||||||||||||||||||||
|
For "2) The list of ciphers reported in the Ssl_cipher_list status variable is not correct, it is not possible to connect using all of the ciphers listed there." I'm going to report a different MDEV ... | ||||||||||||||||||||||||||||||
| Comment by Hartmut Holzgraefe [ 2021-09-14 ] | ||||||||||||||||||||||||||||||
|
I'm also considering to extend my test script for this a bit more so that it does a tcpdump capture for each of the connection attempts, and to run tests with YaSSL/WolfSSL based servers and clients, and Windows SChannel based clients, too, to get a full picture of actually supported ciphers ... | ||||||||||||||||||||||||||||||
| Comment by Hartmut Holzgraefe [ 2021-09-27 ] | ||||||||||||||||||||||||||||||
|
attached my odbc-test-ciphers.php test script | ||||||||||||||||||||||||||||||
| Comment by Sergei Golubchik [ 2022-01-08 ] | ||||||||||||||||||||||||||||||
|
Back to the original bug report, ECDHE aside, it's an error in how REQUIRE CIPHER is documented in the KB. Revision https://mariadb.com/kb/en/create-user/+r/77357/ was still correct, saying
Revision https://mariadb.com/kb/en/create-user/+r/77358/ is the first wrong one, saying
But it still had the correct example with CIPHER 'SHA-DES-CBC3-EDH-RSA'. And then a revision https://mariadb.com/kb/en/create-user/+r/81279/ changed the example to CIPHER 'TLSv1.2' that never worked or was supposed to be working. The manual is now fixed, thanks. |
