ssl_cipher parameter cannot configure TLSv1.3 and TLSv1.2 ciphers at the same time

SSL_CTX_set_ciphersuites() sets the TLSv1.3 cipher suites. SSL_CTX_set_cipher_list() sets the ciphers for TLSv1.2 and below. The current TLS configuration logic will not perform SSL_CTX_set_cipher_list() to configure TLSv1.2 ciphers if the call to SSL_CTX_set_ciphersuites() was successful. The call to SSL_CTX_set_ciphersuites() is successful if any TLSv1.3 cipher suite is passed into `--ssl-cipher`. This is a potential security vulnerability because users trying to restrict specific secure ciphers for TLSv1.3 and TLSv1.2, would unknowingly still have the database support insecure TLSv1.2 ciphers. For example: If setting `--ssl_cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256`, the database would still support all possible TLSv1.2 ciphers rather than only ECDHE-RSA-AES128-GCM-SHA256. The solution is to execute both SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list() even if the first call succeeds. This allows the configuration of exactly which TLSv1.3 and TLSv1.2 ciphers to support. Note that there is 1 behavior change with this. When specifying only TLSv1.3 ciphers to `--ssl-cipher`, the database will not support any TLSv1.2 cipher. However, this does not impose a security risk and considering TLSv1.3 is the modern protocol, this behavior should be fine. All TLSv1.3 ciphers are still supported if only TLSv1.2 ciphers are specified through `--ssl-cipher`. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
2025-01-28 17:54:16 +01:00 · 2024-09-04 00:58:59 +00:00 · 2024-09-04 00:58:59 +00:00 · be164fc401
commit be164fc401
parent 9f61aa4f8a
5 changed files with 87 additions and 7 deletions
--- a/mysql-test/include/have_tlsv13.inc
+++ b/mysql-test/include/have_tlsv13.inc
@ -0,0 +1,10 @@
+--disable_query_log
+connect (ssl_connection,localhost,root,,,,,SSL);
+
+if (`SELECT VARIABLE_VALUE NOT LIKE 'TLSv1.3' FROM information_schema.SESSION_STATUS WHERE VARIABLE_NAME = 'ssl_version'`) {
+  skip Needs TLSv1.3;
+}
+
+disconnect ssl_connection;
+connection default;
+--enable_query_log
--- a/mysql-test/main/tlsv13.result
+++ b/mysql-test/main/tlsv13.result
@ -0,0 +1,18 @@
+# restart: --ssl-cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384
+Variable_name	Value
+Ssl_cipher	TLS_AES_128_GCM_SHA256
+Ssl_cipher_list	TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384
+Variable_name	Value
+Ssl_cipher	ECDHE-RSA-AES256-GCM-SHA384
+Ssl_cipher_list	TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384
+ERROR 2026 (HY000): TLS/SSL error: ssl/tls alert handshake failure
+ERROR 2026 (HY000): TLS/SSL error: ssl/tls alert handshake failure
+# restart: --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384
+Variable_name	Value
+Ssl_cipher	TLS_AES_128_GCM_SHA256
+Variable_name	Value
+Ssl_cipher	ECDHE-RSA-AES256-GCM-SHA384
+# restart: --ssl-cipher=TLS_AES_128_GCM_SHA256
+Variable_name	Value
+Ssl_cipher	TLS_AES_128_GCM_SHA256
+Ssl_cipher_list	TLS_AES_128_GCM_SHA256
--- a/mysql-test/main/tlsv13.test
+++ b/mysql-test/main/tlsv13.test
@ -0,0 +1,43 @@
+--source include/have_ssl_communication.inc
+--source include/require_openssl_client.inc
+--source include/have_tlsv13.inc
+
+#
+# BUG - SSL_CIPHER SYSTEM VARIABLE CANNOT CONFIGURE TLSV1.3 AND TLSV1.2 CIPHERS AT THE SAME TIME
+#
+# If users specify TLSv1.3 and TLSv1.2 ciphers, it will only configure the
+# TLSv1.3 ciphers correctly but then it will keep all TLSv1.2 ciphers enabled.
+#
+# This is a potential security vulnerability because users trying to restrict
+# secure TLSv1.3 and TLSv1.2 ciphers will unintentionally have insecure TLSv1.2
+# ciphers enabled on the database.
+#
+let $restart_parameters=--ssl-cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+source include/restart_mysqld.inc;
+
+--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher%';"
+--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher%';"
+
+# Check that other ciphers are correctly not supported by the server
+--replace_regex /sslv3 alert handshake failure/ssl\/tls alert handshake failure/
+--error 1
+--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_256_GCM_SHA384 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher';" 2>&1
+
+--replace_regex /sslv3 alert handshake failure/ssl\/tls alert handshake failure/
+--error 1
+--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';" 2>&1
+
+# TLSv1.3 ciphers are still supported if only TLSv1.2 ciphers are passed to --ssl-cipher
+let $restart_parameters=--ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384;
+source include/restart_mysqld.inc;
+--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher';"
+--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';"
+--error 1
+--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';"
+
+# TLSv1.2 ciphers are not supported if only TLSv1.3 ciphers are passed to --ssl-cipher
+let $restart_parameters=--ssl-cipher=TLS_AES_128_GCM_SHA256;
+source include/restart_mysqld.inc;
+--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher%';"
+--error 1
+--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';"
--- a/mysql-test/suite.pm
+++ b/mysql-test/suite.pm
@ -71,6 +71,9 @@ sub skip_combinations {
  $skip{'main/ssl_7937.combinations'} = [ 'x509v3' ]
    unless $ssl_lib =~ /WolfSSL/ or $openssl_ver ge "1.0.2";

+  $skip{'main/tlsv13.test'} = 'does not work with OpenSSL <= 1.1.1'
+    unless $ssl_lib =~ /WolfSSL/ or $openssl_ver ge "3.0.0";
+
  $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required'
    unless $openssl_ver ge "1.0.2";

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@ -295,16 +295,22 @@ new_VioSSLFd(const char *key_file, const char *cert_file,

  /*
    Set the ciphers that can be used
-    NOTE: SSL_CTX_set_cipher_list will return 0 if
+    NOTE: SSL_CTX_set_ciphersuites/SSL_CTX_set_cipher_list will return 0 if
    none of the provided ciphers could be selected
  */
-  if (cipher &&
-      SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, cipher) == 0 &&
-      SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
+  if (cipher)
  {
-    *error= SSL_INITERR_CIPHERS;
-    DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-    goto err2;
+    int cipher_result= 0;
+
+    cipher_result|= SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, cipher);
+    cipher_result|= SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher);
+
+    if (cipher_result == 0)
+    {
+      *error= SSL_INITERR_CIPHERS;
+      DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
+      goto err2;
+    }
  }

  /* Load certs from the trusted ca */