mariadb/include
V S Murthy Sidagam dbbe747e54 Bug #21221862 NEWEST RHEL/CENTOS OPENSSL UPDATE BREAKS MYSQL DHE CIPHERS
Description: The newest RHEL/CentOS/SL 6.6 openssl package
(1.0.1e-30.el6_6.9; published around 6/4/2015) contains a fix for
LogJam. RedHat's fix for this was to limit the use
of any SSL DH key sizes to a minimum of 768 bits. This breaks any
DHE SSL ciphers for MySQL clients as soon as you install the
openssl update, since in vio/viosslfactories.c, the default
DHPARAM is a 512 bit one. This cannot be changed in
configuration/runtime, and needs a recompile. Because of this, the
client connection with --ssl-cipher=DHE-RSA-AES256-SHA is not
able to connect to the server.

Analysis: OpenSSL has changed the Diffie-Hellman key from 512 to
1024 due to some reasons (please see the details at
http://openssl.org/news/secadv_20150611.txt). Because of this, the client
with a DHE cipher is failing to connect to the server. This change took
place from openssl-1.0.1n onwards.

Fix: A similar bug fix is already pushed to mysql-5.7 under bug#18367167.
Hence we backported the same fix to mysql-5.5 and mysql-5.6.
2015-06-19 08:26:33 +05:30
..
atomic
mysql
base64.h
CMakeLists.txt
decimal.h
errmsg.h
ft_global.h
hash.h
heap.h
keycache.h
lf.h
m_ctype.h
m_string.h
my_aes.h
my_alarm.h
my_alloc.h
my_atomic.h
my_attribute.h
my_base.h
my_bit.h
my_bitmap.h
my_check_opt.h
my_compare.h
my_compiler.h
my_dbug.h
my_dir.h
my_getopt.h
my_global.h
my_libwrap.h
my_list.h
my_md5.h
my_net.h
my_nosys.h
my_pthread.h
my_rdtsc.h
my_stacktrace.h
my_sys.h
my_time.h
my_tree.h
my_uctype.h
my_user.h
my_xml.h
myisam.h
myisammrg.h
myisampack.h
mysql.h
mysql.h.pp
mysql_com.h
mysql_embed.h
mysql_time.h
mysql_version.h.in
mysys_err.h
password.h
probes_mysql.d.base
probes_mysql.h
probes_mysql_nodtrace.h
queues.h
rijndael.h
service_versions.h
sha1.h
sha2.h
sql_common.h
sslopt-case.h
sslopt-longopts.h
sslopt-vars.h
t_ctype.h
thr_alarm.h
thr_lock.h
typelib.h
violite.h
welcome_copyright_notice.h