[MDEV-31511] MariaDB 10.4 doesn't support OpenSSL 3 Created: 2023-06-21  Updated: 2023-07-28  Resolved: 2023-07-28

Status: Closed
Project: MariaDB Server
Component/s: SSL
Affects Version/s: 10.4.30
Fix Version/s: N/A

Type: Bug
Priority: Critical
Reporter: Minsoo Choo
Assignee: Unassigned
Resolution: Incomplete
Votes: 0
Labels: 10.4, openssl, security
Environment:

Tested on macOS 14.0. But it affects other operating systems too.


Issue Links:
Blocks
blocks MDEV-25785 Add support for OpenSSL 3.0 Closed

 Description   

I'm currently working on the OpenSSL migration in Homebrew, a macOS and Linux package manager. Our project is trying to migrate all the formulas (or packages) that use OpenSSL 1.1 to OpenSSL 1.3.
When I built MariaDB 10.4 on my Mac (macOS 14.0), cmake generated an error that it is missing gnutls. Since I know that it should take OpenSSL by default instead of gnutls, I tried building other versions of MariaDB (10.5 and above) and they worked. I searched on Jira and the MariaDB GitHub repo to see why MariaDB 10.4 still doesn't support OpenSSL 3, and I figured out that this commit was not applied to the 10.4 branch.
The 1.1.1 version of OpenSSL will be End-of-Life on September 11th, whereas the 10.4 version of MariaDB becomes End-of-Life in June 2024. This means that MariaDB 10.4 will be exposed to security issues for nine months after the EOL of OpenSSL.
This is why I would like to ask the MariaDB development team to adopt OpenSSL 3 for MariaDB 10.4. I hope that it will arrive soon.

Regards,
Minsoo Choo



 Comments   
Comment by Daniel Black [ 2023-06-21 ]

There's a lot of effort in backporting OpenSSL capability, making extensive changes to a stable release that we'd rather not risk.

What's preventing an earlier than expected update to, say, 10.11 stable LTS?

Alternately, 10.4 could build with gnutls.

Generated at Thu Feb 08 10:24:26 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.