[MXS-4862] ssl_version should specify minimum version Created: 2023-11-15  Updated: 2023-12-13  Resolved: 2023-12-04

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: 6.4.13, 22.08.11, 23.02.7, 23.08.3
Fix Version/s: 6.4.14, 22.08.12, 23.02.8, 23.08.4

Type: New Feature Priority: Critical
Reporter: Edward Stoever Assignee: Esa Korhonen
Resolution: Fixed Votes: 2
Labels: triage

Sprint: MXS-SPRINT-196, MXS-SPRINT-197

Description

The configuration value should be interpreted as a minimum version, banning any previous TLS versions. The default value "MAX" still allows all versions for backwards compatibility.

Original Description:
-----------------------------------
The SSL_VERSION configuration has a default value of MAX. This will guarantee that the strongest available encryption is used. However, it allows deprecated versions of SSL:
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)

Customer would like to see a way to ensure that deprecated versions not be included. Examples might be:

SSL_VERSION=MAX_NOT_DEPRECATED
or
SSL_VERSION=1.2,1.3
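
An added example, not part of the ticket or of MaxScale's code: a small Python audit that reads a MaxScale-style configuration and reports TLS-enabled sections that would still accept TLS 1.0 or 1.1 when `ssl_version` is read as a minimum version. The `TLSv10` to `TLSv13` value spellings, the `ssl=true` switch and the sample section names are assumptions made for illustration.

```python
import configparser

# Assumed value spellings, ascending; the ticket calls the first two deprecated.
TLS_ORDER = ["TLSv10", "TLSv11", "TLSv12", "TLSv13"]
DEPRECATED = {"TLSv10", "TLSv11"}

def allowed_versions(ssl_version):
    """Versions a section accepts when ssl_version is read as a minimum."""
    value = ssl_version.strip().replace(".", "").upper().replace("TLSV", "TLSv")
    if value == "MAX":  # default: every version, kept for backwards compatibility
        return list(TLS_ORDER)
    if value not in TLS_ORDER:
        raise ValueError(f"unrecognised ssl_version: {ssl_version!r}")
    return TLS_ORDER[TLS_ORDER.index(value):]

def audit(config_text):
    """Return {section: [deprecated versions still accepted]} for TLS-enabled sections."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    findings = {}
    for name in parser.sections():
        section = parser[name]
        if not section.getboolean("ssl", fallback=False):
            continue  # TLS not enabled in this section, nothing to check
        accepted = allowed_versions(section.get("ssl_version", "MAX"))
        weak = [v for v in accepted if v in DEPRECATED]
        if weak:
            findings[name] = weak
    return findings

# Constructed sample configuration; section names and values are made up.
SAMPLE = """
[legacy-listener]
type=listener
ssl=true

[explicit-max]
type=listener
ssl=true
ssl_version=MAX

[hardened-listener]
type=listener
ssl=true
ssl_version=TLSv12
"""

if __name__ == "__main__":
    for section, weak in audit(SAMPLE).items():
        print(f"{section}: still accepts {', '.join(weak)}")
```

A section with no `ssl_version` line is treated as the default "MAX", so it is reported alongside sections that set "MAX" explicitly.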

