openssl_1 tries to test a removed cipher on some platforms
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MySQL Server |
Unknown
|
Unknown
|
|||
Percona Server moved to https://jira.percona.com/projects/PS |
Invalid
|
Undecided
|
Unassigned | ||
5.1 |
Invalid
|
Undecided
|
Unassigned | ||
5.5 |
Fix Released
|
Low
|
Laurynas Biveinis | ||
5.6 |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Copy of http://
Server built with -DWITH_SSL=system on CentOS 7 fails to use EDH-RSA-DES-CBC-SHA cipher, which has been removed there.
How to repeat:
Workaround bug 73280 and run openssl_1:
$ OPENSSL_
ain.openssl_1 [ fail ]
Test ended at 2014-07-13 15:32:17
CURRENT_TEST: main.openssl_1
ERROR 2026 (HY000): SSL connection error: error:00000001:
mysqltest: At line 217: command "$MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=
Output from before failure:
exec of '/home/
Inspect openssl ciphers -v output to see that EDH-RSA-DES-CBC-SHA is not present.
Suggested fix:
All DES ciphers have been removed from OpenSSL in CentOS 7 as weak, google openssl-
5.6 has replaced that cipher with AES256-SHA in the testcase, commit rev 5747. It references Bug #18047796 MTR TEST MAIN.OPENSSL_1 FAILS ON FEDORA 19 WITH OPENSSL 1.0.1E, which appears to be the exact same issue. Thus this bug is a backport request for 5.5.
Related branches
- Laurynas Biveinis (community): Approve
-
Diff: 25 lines (+2/-2)2 files modifiedmysql-test/r/openssl_1.result (+1/-1)
mysql-test/t/openssl_1.test (+1/-1)
tags: | added: ci upstream |
Percona now uses JIRA for bug reports so this bug report is migrated to: https:/ /jira.percona. com/browse/ PS-3242