mirror of
https://github.com/MariaDB/server.git
synced 2025-01-30 18:41:56 +01:00
ccca4f43c9
post-review fixes: * move all ssl implementation related ifdefs/defines to one file (ssl_compat.h) * work around OpenSSL-1.1 desire to malloc every EVP context by run-time checking that context allocated on the stack is big enough (openssl.c) * use newer version of the AWS SDK for OpenSSL 1.1 * use get_dh2048() function as generated by openssl 1.1 (viosslfactories.c)
43 lines
1.8 KiB
Text
43 lines
1.8 KiB
Text
#
|
|
# MDEV-6975 Implement TLS protocol
|
|
#
|
|
# test SSLv3 and TLSv1.2 ciphers when OpenSSL is restricted to SSLv3 or TLSv1.2
|
|
#
|
|
source include/have_ssl_communication.inc;
|
|
source include/require_openssl_client.inc;
|
|
|
|
# this is OpenSSL test.
|
|
|
|
create user ssl_sslv3@localhost;
|
|
# grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA";
|
|
grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA";
|
|
create user ssl_tls12@localhost;
|
|
grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256";
|
|
|
|
let $mysql=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
|
|
|
|
disable_abort_on_error;
|
|
echo TLS1.2 ciphers: user is ok with any cipher;
|
|
exec $mysql --ssl-cipher=AES128-SHA256;
|
|
--replace_result DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384
|
|
exec $mysql --ssl-cipher=TLSv1.2;
|
|
echo TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA;
|
|
exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA256;
|
|
exec $mysql --user ssl_sslv3 --ssl-cipher=TLSv1.2;
|
|
echo TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
|
|
exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA256;
|
|
exec $mysql --user ssl_tls12 --ssl-cipher=TLSv1.2;
|
|
|
|
echo SSLv3 ciphers: user is ok with any cipher;
|
|
exec $mysql --ssl-cipher=AES256-SHA;
|
|
exec $mysql --ssl-cipher=SSLv3;
|
|
echo SSLv3 ciphers: user requires SSLv3 cipher AES128-SHA;
|
|
exec $mysql --user ssl_sslv3 --ssl-cipher=AES128-SHA;
|
|
exec $mysql --user ssl_sslv3 --ssl-cipher=SSLv3;
|
|
echo SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
|
|
exec $mysql --user ssl_tls12 --ssl-cipher=AES128-SHA;
|
|
exec $mysql --user ssl_tls12 --ssl-cipher=SSLv3;
|
|
|
|
drop user ssl_sslv3@localhost;
|
|
drop user ssl_tls12@localhost;
|
|
|