|
It's not possible to connect to a server running with Yassl, if client was built with OpenSSL 3.0:
1st attempt:
/openssl s_client -CAfile /home/georg/work/mariadb/mariadb_server/mysql-test/std_data/cacert.pem --starttls mysql 127.0.0.1:16000
|
CONNECTED(00000003)
|
40278628A47F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:879
|
2nd attempt: (Allow Unsafe legacy renegotiation)
openssl.cnf:
openssl_conf = openssl_init
|
[openssl_init]
|
ssl_conf = ssl_sect
|
[ssl_sect]
|
system_default = system_default_sect
|
|
[system_default_sect]
|
Options = UnsafeLegacyRenegotiation
|
Output of openssl s_client (OpenSSL 3.0):
...
|
SSL handshake has read 2154 bytes and written 340 bytes
|
Verification: OK
|
---
|
New, (NONE), Cipher is (NONE)
|
Server public key is 2048 bit
|
Secure Renegotiation IS NOT supported
|
Compression: NONE
|
Expansion: NONE
|
No ALPN negotiated
|
SSL-Session:
|
Protocol : TLSv1.1
|
Cipher : 0000
|
Session-ID: 58848BE787B02D76DD0F049B5E4AA0FB520B70C604815C6D15BD0417C6D56DD6
|
Session-ID-ctx:
|
Master-Key:
|
PSK identity: None
|
PSK identity hint: None
|
SRP username: None
|
Start Time: 1667068981
|
Timeout : 7200 (sec)
|
Verify return code: 0 (ok)
|
Extended master secret: no
|
Output from OpenSSL 1.1.1:
....
|
SSL handshake has read 2252 bytes and written 683 bytes
|
Verification: OK
|
---
|
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
|
Server public key is 2048 bit
|
Secure Renegotiation IS NOT supported
|
Compression: NONE
|
Expansion: NONE
|
No ALPN negotiated
|
SSL-Session:
|
Protocol : TLSv1.1
|
Cipher : DHE-RSA-AES256-SHA
|
Session-ID: DAFB047628885111F7B1B7AEEBB2B27932E8F9972A570C1F6684B4D0BCBE157F
|
Session-ID-ctx:
|
Master-Key: 009F0C4382CE0131BCA6939192001E70265DE4CD3D86EB6E884E568DBE7608F8259694581623712078B67E61E5A7C594
|
PSK identity: None
|
PSK identity hint: None
|
SRP username: None
|
Start Time: 1667069147
|
Timeout : 7200 (sec)
|
Verify return code: 0 (ok)
|
Extended master secret: no
|
|