mirror of
https://github.com/MariaDB/server.git
synced 2026-04-25 09:45:31 +02:00
Description: The newest RHEL/CentOS/SL 6.6 openssl package (1.0.1e-30.el6_6.9; published around 6/4/2015) contains a fix for LogJam. RedHat's fix for this was to limit the use of any SSL DH key sizes to a minimum of 768 bits. This breaks any DHE SSL ciphers for MySQL clients as soon as you install the openssl update, since in vio/viosslfactories.c, the default DHPARAM is a 512 bit one. This cannot be changed in configuration/runtime, and needs a recompile. Because of this the client connection with --ssl-cipher=DHE-RSA-AES256-SHA is not able to connect to the server.

Analysis: OpenSSL has changed the Diffie-Hellman key from 512 to 1024 due to some reasons (please see the details at http://openssl.org/news/secadv_20150611.txt). Because of this the client with a DHE cipher is failing to connect to the server. This change took place from openssl-1.0.1n onwards.

Fix: A similar bug fix is already pushed to mysql-5.7 under bug#18367167. Hence we backported the same fix to mysql-5.5 and mysql-5.6.

||
|---|---|---|
| docs | ||
| CMakeLists.txt | ||
| test-ssl.c | ||
| test-sslclient.c | ||
| test-sslserver.c | ||
| vio.c | ||
| vio_priv.h | ||
| viosocket.c | ||
| viossl.c | ||
| viosslfactories.c | ||
| viotest-ssl.c | ||
| viotest-sslconnect.cc | ||
| viotest.cc | ||