mirror of
https://github.com/MariaDB/server.git
synced 2025-11-03 20:36:16 +01:00
8a9c1e9ccf
Summary of changes - MD_CTX_SIZE is increased - EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points to nobody knows where. The assumption made previously was that (since the function does not seem to be documented) was that it points to the last partial source block. Add own partial block buffer for NOPAD encryption instead - SECLEVEL in CipherString in openssl.cnf had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible (according to https://github.com/openssl/openssl/blob/openssl-3.0.0/NEWS.md even though the manual for SSL_CTX_get_security_level claims that it should not be necessary) - Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, in addition to what was set in --ssl-cipher - ctx_buf buffer now must be aligned to 16 bytes with openssl( previously with WolfSSL only), ot crashes will happen - updated aes-t , to be better debuggable using function, rather than a huge multiline macro added test that does "nopad" encryption piece-wise, to test replacement of EVP_CIPHER_CTX_buf_noconst part of MDEV-29000
12 lines
298 B
INI
12 lines
298 B
INI
# Toplevel section for openssl (including libssl)
|
|
openssl_conf = default_conf_section
|
|
|
|
[default_conf_section]
|
|
# We only specify configuration for the "ssl module"
|
|
ssl_conf = ssl_section
|
|
|
|
[ssl_section]
|
|
system_default = system_default_section
|
|
|
|
[system_default_section]
|
|
CipherString = ALL:@SECLEVEL=0
|