[MDEV-9703] main.openssl_6975 test fails with BoringSSL on systems with no AES hardware Created: 2016-03-09 Updated: 2022-11-10 Resolved: 2022-11-10 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | SSL, Tests |
| Affects Version/s: | 10.0.24 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Minor |
| Reporter: | David Gow | Assignee: | Sergei Golubchik |
| Resolution: | Incomplete | Votes: | 0 |
| Labels: | None | ||
| Environment: |
Linux 3.13 w/ BoringSSL https://boringssl.googlesource.com/boringssl/ |
||
| Description |
|
In BoringSSL, the order of preferred ciphers depends on whether or not the system supports hardware accelerated AES. (See: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/ssl/ssl_cipher.c#1415) The main.openssl_6975 MariaDB test checks which cipher is negotiated, and always expects ECDHE-RSA-AES256-GCM-SHA384, which is the preferred cipher when hardware acceleration is available. When running on machines without hardware acceleration (such as, for instance, under Memory Sanitizer), the preferred cipher in BoringSSL is ECDHE-RSA-CHACHA20-POLY1305. |
| Comments |
| Comment by Elena Stepanova [ 2016-03-10 ] |
|
I don't know if we are supposed to be compatible with forks of OpenSSL, especially those that are described this way by their creator:
I'll leave it to serg to decide. |
| Comment by Elena Stepanova [ 2022-11-10 ] |
|
It doesn't seem to be maintained anyway. |