[MDEV-6975] Implement TLS protocol Created: 2014-10-29  Updated: 2020-11-02  Resolved: 2014-11-19

Status: Closed
Project: MariaDB Server
Component/s: SSL
Fix Version/s: 5.5.41, 10.0.15

Type: Task Priority: Major
Reporter: Martin Langhoff Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: None

Attachments: Text File mysql-tls-ver-test.c    
Issue Links:
Duplicate
duplicates MDEV-8970 Add support for for TLSv1.1 and TLSv... Closed
Relates
relates to MDEV-7547 Include TLS tests in the test suite Closed
relates to MDEV-19542 Disable SSLv3 and TLSv1.0 Closed

 Description   

Support for TLS protocols may well be there, but it is not documented; if present, it has no options to control it.

Currently MariaDB claims to support SSLv3. We would like to move away from SSLv3 due to the POODLE vulnerability.

In testing, MariaDB client/server currently cannot connect using any of the TLS protocols. Testing was performed on MariaDB 5.5.32-1 on CentOS 6.x x86_64, compiled against OpenSSL.

We used the technique of trying ciphers that are not supported in SSLv2 or SSLv3, which leaves the TLS 1.x ciphers - http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/ . All connections failed with "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)".

Ideally, MariaDB should have...

  • a configuration value to disable SSLv2/v3
  • a clear statement of which TLS protocol variants are known to work (perhaps qualified by SSL library used – with yaSSL, with OpenSSL...)

thank you!



 Comments   
Comment by Martin Langhoff [ 2014-10-29 ]

A simple test is to pick a cipher that is only available for the TLS protocols, and try to use it from the client side:

 mysql -h $(hostname -f )   --ssl-cert client-cert.pem --ssl-key client-key.pem -u testuser -ppassword --ssl --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384   test_db
 
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

List Ciphers, filtering out sslv2/3, based on ciphers available in OpenSSL v1.0.1e

echo ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5 | sed 's/:/\n/g' | sed 's/Ssl_cipher_list\s//g' | while read sspec; do openssl ciphers -v "$sspec" | grep -v 'SSLv\(2\|3\)' 2>/dev/null  ; done 
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
 
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
 
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
 
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
 
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
 
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
 
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
 
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
 
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
 
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
 
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
 
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
 
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
 
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
 
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
 
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
 
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
 
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
 
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
 
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
 
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
 
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
 
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
 
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
 
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
 
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
 
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
 
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256

Now combine the two:

echo ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5 | sed 's/:/\n/g' | sed 's/Ssl_cipher_list\s//g' | while read sspec; do SPEC=`openssl ciphers -v "$sspec" 2>/dev/null | grep -v 'SSLv\(2\|3\)' | awk '{print $1}'`; [[ "$sspec" == "$SPEC" ]] && (echo -n $sspec; mysql --ssl-cipher=$sspec --ssl-cert client-cert.pem --ssl-key client-key.pem -u testuser -ppassword --ssl -e QUIT ) && echo "$sspec OK"; done 
ECDHE-RSA-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-ECDSA-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-RSA-AES256-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-ECDSA-AES256-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-DSS-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-RSA-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-RSA-AES256-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-DSS-AES256-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-RSA-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-ECDSA-AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-RSA-AES256-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-ECDSA-AES256-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
AES256-GCM-SHA384ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
AES256-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-RSA-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-ECDSA-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-RSA-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDHE-ECDSA-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-DSS-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-RSA-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-RSA-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
DHE-DSS-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-RSA-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-ECDSA-AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-RSA-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
ECDH-ECDSA-AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
AES128-GCM-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
 
AES128-SHA256ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

If you relax the restrictions (i.e.: allow sslv3) the SSLv3 ciphers succeed.

Comment by Martin Langhoff [ 2014-11-19 ]

What is the resolution on this bug? I cannot spot any related commits in a quick check of the main git repos.

Comment by Martin Langhoff [ 2014-11-19 ]

Looks like 5.5 is still under bazaar. Found related commits at https://code.launchpad.net/~maria-captains/maria/5.5 - commits 4363 to 4366. Thank you!

Comment by Sergei Golubchik [ 2014-11-19 ]

The actual bug fix is in revision 4365, file vio/viosslfactories.c.
Everything else is related to testing

Comment by Martin Langhoff [ 2014-11-19 ]

Yes, spotted it, thanks!

Comment by Tomas Hoger [ 2014-11-19 ]

Out of curiosity, how was the initial testing done? I did some Poodle related testing and code inspection with MySQL with rather different results to those noted above. My findings were:

  • MySQL was not affected by Poodle. It only used TLS version 1.0 (see the TLSv1_client_method / TLSv1_server_method in the code). This was true for multiple MySQL versions, iirc 4.x was the oldest I looked at. I don't think I tested MariaDB, but the relevant code was no different.
  • The actual fix in r4365 seems more likely to introduce Poodle rather than fix it. It replaces TLSv1_*_method with SSLv23_*_method which, as noted in the commit message, enables all SSL and TLS versions supported by the underlying OpenSSL version (i.e. SSLv2 - TLSv1 for version 1.0.0 and before, and SSLv2 - TLSv1.2 for 1.0.1). So the actual effect of the fix is that TLS 1.1+ is enabled by this change (probably a good thing unless yaSSL has any issues with them), but also enables SSLv2 and SSLv3 (bad thing, as it should not be needed as there should be no existing clients or servers needing those, so no "backwards compatibility" to justify having them enabled).

If you want to enable TLS 1.1+ support, you should really add something like:

  SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

Also note that you can not disable SSLv3 via OpenSSL cipher list without disabling TLSv1.0 too. There are no TLSv1.0 ciphers that are not SSLv3 ciphers too.

Comment by Martin Langhoff [ 2014-11-19 ]

I have documented a summarized version of my initial testing in the description and first comment on this task. When I filed it I was not certain whether MariaDB was being not very well documented in this regard.

I took the statement from the docs that it supported "SSL v3" at face value, did not do protocol analysis on it, nor tried to attack it.

Comment by Tomas Hoger [ 2014-11-19 ]

Thank yo for the clarification. I managed to parse those one-liners now somehow.

As noted above, it's wrong way to test whether MariaDB / MySQL supports SSLv3 or TLSv1. Ciphers that the "openssl ciphers" command lists as SSLv3 are also used by TLS 1.0 and 1.1. The ciphers you are trying to connect with are only in TLS 1.2, so your connection attempt fails when server only supports TLS 1.0. No Poodles here though.

Comment by Sergei Golubchik [ 2014-11-19 ]

My intention, in turn, was to enable support for TLSv1.2. It was supposed to be up to the user to select TLSv1.2 ciphers only.
But I guess, I can still explicitly disable SSLv3 via SSL_CTX_set_options(), as you suggest. Thanks.

Comment by Martin Langhoff [ 2014-11-19 ]

Great to hear. At my end, given that MariaDB does not support SSLv3, but only TLSv1, a docs update indicating so would be satisfactory.

Unlocking support for newer versions of TLS is of course a good outcome too.

Comment by Tomas Hoger [ 2014-11-19 ]

If users should be able to disable specific TLS protocol versions, there will need to be a separate configuration option for that (similar to httpd's SSLProtocol or nginx's ssl_protocols). Cipher string in general can not do that. Examples:

  • In the past, you could use 'DEFAULT:!SSLv2' to practically disable SSLv2 and leave SSLv3 and TLSv1 enabled, because SSLv2 ciphers were noted used by SSLv3 or later.
  • However, the similar 'DEFAULT:!SSLv3' can not be used to disable SSLv3 and only enable TLSv1.0 and later.
  • Users may also ask for a way to disable TLSv1.0 and only enable 1.1 or later because of BEAST. The 'DEFAULT:!SSLv3' somewhat does the trick, but it only enables ciphers new in TLS 1.2.

There may be a little immediate need now, but it seems to be the way to go long term.

Comment by Tomas Hoger [ 2014-11-19 ]

A simple test program that attempts to establish TLS connection with MySQL / MariaDB and prints TLS session information similar to what's printed by openssl s_client.

Comment by Tomas Hoger [ 2014-11-20 ]

For posterity, this commit now disables SSLv2 and SSLv3 as discussed above:

http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4369

Thank you!

Comment by Daniël van Eeden [ 2015-01-19 ]

Related bug for Support for TLSv1.1 and TLSv1.2 in MySQL

Comment by Julien Fritsch [ 2020-10-01 ]

Micada may I ask why you added the link "This issue is blocked by MDEV-23604" to this already closed issue?

Generated at Thu Feb 08 07:16:01 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.