[MDEV-25799] tls_version=TLSv1.3 does not work with WolfSSL based server builds Created: 2021-05-27 Updated: 2021-07-21 Resolved: 2021-07-21 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Server, SSL |
| Affects Version/s: | None |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Hartmut Holzgraefe | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
| Description |
|
I've set up two machines, one named "openssl" with MariaDB installed from our own Ubuntu package repository, so built against OpenSSL, and one named "wolfssl" with MariaDB installed from our generic Linux binary tarball, so built against WolfSSL. Both servers are set up for SSL/TLS, and are configured to enforce TLSv1.3 with
The mysql command line client is able to connect to the OpenSSL based MariaDB server using encryption from both machines just fine. Neither client can connect to the WolfSSL based server though. The client using OpenSSL reports:
And the WolfSSL based client basically reports the same, just with different wording:
When removing the
line from the configuration file, and restarting the MariaDB server using WolfSSL, encrypted connections are possible, but only use TLSv1.2. When connecting from the WolfSSL based client to the OpenSSL based server, both agree on using TLSv1.3 as the highest mutually supported version though. |
| Comments |
| Comment by Vladislav Vaintroub [ 2021-07-21 ] |
|
There is no WolfSSL-based client. C/C does not support building WolfSSL-based clients, allegedly because of the licensing issues. |