openssl_1 tries to test a removed cipher on some platforms

Bug #1401791 reported by Laurynas Biveinis on 2014-12-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL Server
Unknown
Unknown
Percona Server moved to https://jira.percona.com/projects/PS
Invalid
Undecided
Unassigned
5.1
Invalid
Undecided
Unassigned
5.5
Fix Released
Low
Laurynas Biveinis
5.6
Invalid
Undecided
Unassigned

Bug Description

Copy of http://bugs.mysql.com/bug.php?id=73281:

Server built with -DWITH_SSL=system on CentOS 7 fails to use EDH-RSA-DES-CBC-SHA cipher, which has been removed there.

How to repeat:
Workaround bug 73280 and run openssl_1:

$ OPENSSL_ENABLE_MD5_VERIFY=yes ./mysql-test-run openssl_1

ain.openssl_1 [ fail ]
        Test ended at 2014-07-13 15:32:17

CURRENT_TEST: main.openssl_1
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 217: command "$MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC-SHA" failed

Output from before failure:
exec of '/home/laurynas/percona/lp-mysql-server/5.5/obj-debug/client//mysql --defaults-file=/home/laurynas/percona/lp-mysql-server/5.5/obj-debug/mysql-test/var/my.cnf --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC-SHA' failed, error: 256, status: 1, errno: 0

Inspect openssl ciphers -v output to see that EDH-RSA-DES-CBC-SHA is not present.

Suggested fix:
All DES ciphers have been removed from OpenSSL in CentOS 7 as weak, google openssl-1.0.1e-weak-ciphers.patch. If they are weak, then simply remove them from the testcase?

5.6 has replaced that cipher with AES256-SHA in the testcase, commit rev 5747. It references Bug #18047796 MTR TEST MAIN.OPENSSL_1 FAILS ON FEDORA 19 WITH OPENSSL 1.0.1E, which appears to be the exact same issue. Thus this bug is a backport request for 5.5.

Related branches

tags: added: ci upstream

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-3242

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.