mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/client
History
Georg Richter d13080133f MDEV-14101 Provide an option to select TLS protocol version 
Server and command line tools now support option --tls_version to specify the
TLS version between client and server. Valid values are TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
or a combination of them. E.g.

--tls_version=TLSv1.3
--tls_version=TLSv1.2,TLSv1.3

In case there is a gap between versions, the lowest version will be used:
--tls_version=TLSv1.1,TLSv1.3 -> Only TLSv1.1 will be available.

If the used TLS library doesn't support the specified TLS version, it will use
the default configuration.

Limitations:

SSLv3 is not supported. The default configuration doesn't support TLSv1.0 anymore.
TLSv1.3 protocol currently is only supported by OpenSSL 1.1.0 (client and server) and
GnuTLS 3.6.5 (client only).

Overview of TLS implementations and protocols

Server:

+-----------+-----------------------------------------+
| Library   | Supported TLS versions                  |
+-----------+-----------------------------------------+
| WolfSSL   | TLSv1.1, TLSv1,2                        |
+-----------+-----------------------------------------+
| OpenSSL   | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+
| LibreSSL  | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+

Client (MariaDB Connector/C)
+-----------+-----------------------------------------+
| Library   | Supported TLS versions                  |
+-----------+-----------------------------------------+
| GnuTLS    | (TLSv1.0), TLSv1.1, TLSv1.2, TLSv1.3    |
+-----------+-----------------------------------------+
| Schannel  | (TLSv1.0), TLSv1.1, TLSv1.2             |
+-----------+-----------------------------------------+
| OpenSSL   | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+
| LibreSSL  | (TLSv1.0), TLSv1.1, TLSv1,2, TLSv1.3    |
+-----------+-----------------------------------------+
2019-06-17 12:26:25 +02:00
..
async_example.c MWL#192: non-blocking client API, after-review fixes. 2012-01-06 12:43:18 +01:00
client_priv.h MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
CMakeLists.txt Only link mysys_ssl when required. 2019-06-03 09:55:59 +02:00
completion_hash.cc Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
completion_hash.h Update FSF Address 2019-05-11 21:29:06 +03:00
echo.c Update FSF Address 2019-05-11 21:29:06 +03:00
my_readline.h Update FSF Address 2019-05-11 21:29:06 +03:00
mysql.cc MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysql_plugin.c Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
mysql_upgrade.c Merge branch '10.3' into 10.4 2019-05-19 20:55:37 +02:00
mysqladmin.cc MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysqlbinlog.cc MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysqlcheck.c Merge branch '10.3' into 10.4 2019-05-19 20:55:37 +02:00
mysqldump.c MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysqlimport.c MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysqlshow.c MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
mysqlslap.c Merge branch '10.3' into 10.4 2019-05-19 20:55:37 +02:00
mysqltest.cc MDEV-14101 Provide an option to select TLS protocol version 2019-06-17 12:26:25 +02:00
readline.cc Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
sql_string.cc.dontuse Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
sql_string.h.dontuse Update FSF Address 2019-05-11 21:29:06 +03:00