mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 03:52:35 +01:00
70 lines
2.8 KiB
Text
70 lines
2.8 KiB
Text
create user ssl_user1@localhost require SSL;
|
|
create user ssl_user2@localhost require cipher 'AES256-SHA';
|
|
create user ssl_user3@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client';
|
|
create user ssl_user4@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client' ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB';
|
|
create user ssl_user5@localhost require cipher 'AES256-SHA' AND SUBJECT 'xxx';
|
|
connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA;
|
|
connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);
|
|
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA;
|
|
ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO)
|
|
connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA;
|
|
connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA;
|
|
connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA;
|
|
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
|
|
connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA;
|
|
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
|
|
connection con1;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
disconnect con1;
|
|
connection con2;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
disconnect con2;
|
|
connection con3;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
disconnect con3;
|
|
connection con4;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
disconnect con4;
|
|
connection default;
|
|
drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
mysqltest: Could not open connection 'default': 2026 TLS/SSL error: xxxxVariable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
select 'is still running; no cipher request crashed the server' as result from dual;
|
|
result
|
|
is still running; no cipher request crashed the server
|
|
create user mysqltest_1@localhost;
|
|
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
|
|
Variable_name Value
|
|
Ssl_cipher AES256-SHA
|
|
drop user mysqltest_1@localhost;
|
|
# restart: --ssl-cipher=AES128-SHA
|
|
connect ssl_con,localhost,root,,,,,SSL;
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher AES128-SHA
|
|
SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
|
|
VARIABLE_VALUE like '%AES128-SHA%'
|
|
1
|
|
disconnect ssl_con;
|
|
connection default;
|
|
call mtr.add_suppression("TLSv1.0 and TLSv1.1 are insecure");
|
|
FOUND 2 /TLSv1.0 and TLSv1.1 are insecure/ in mysqld.1.err
|