Newest RHEL/CentOS openssl update breaks mysql DHE

Bug #1462856 reported by Jacques Grove on 2015-06-08
This bug affects 11 people
Affects | Status | Importance | Assigned to | Milestone
MySQL Server | Unknown | Unknown | |
Percona Server (moved to https://jira.percona.com/projects/PS) | Fix Released | High | Laurynas Biveinis |
  5.5 | Fix Released | High | Laurynas Biveinis |
  5.6 | Fix Released | High | Laurynas Biveinis |

Bug Description

This is a problem in upstream as well, I am pretty sure:

The newest RHEL/CentOS/SL 6.6 openssl package (1.0.1e-30.el6_6.9 ; published around 6/4/2015) contains a fix for CVE-2015-4000 . RedHat's fix for this was to limit the use of any SSL DH key sizes to a minimum of 768 bits. This breaks any DHE SSL ciphers for MySQL clients as soon as you install the openssl update, since in vio/viosslfactories.c , the default DHPARAM is a 512 bit one. As far as I can tell this cannot be changed in configuration/runtime; and needs a recompile.

We should probably include and/or upstream this patch:

  https://lists.fedoraproject.org/pipermail/scm-commits/2012-December/910767.html

Example:

  If a user in a Percona 5.6.23-72.1-log server is setup with grant "require SSL", and the client (using the updated openssl package) executes:
  # mysql -u user -h serverhostname --ssl --ssl-cipher=DHE-RSA-AES256-SHA -p
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

This will occur for any DHE cipher. Using a non-DHE cipher will work as expected.

Workaround:
  * Downgrade the client openssl package to any version before 1.0.1e-30.el6_6.9; e.g. 0:1.0.1e-30.el6_6.8
  * Alternatively, do not use DH ciphers. This is not acceptable because the supported non-DH ciphers do not afford any PFS protection.

Solution is for the server to present a 1024 bit DH param. This would:

 * Avoid the problem with "fixed" client libraries.
 * Still be small enough to avoid problems with some clients (e.g. older Java versions do not like DH params > 1024 bit)
 * Improve security in general.
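As an added example (not code from the bug report or from the MySQL/Percona sources), a small Python audit that pulls embedded `*_p` byte arrays out of C source in the style of vio/viosslfactories.c and reports each prime's bit length against the 768-bit floor the patched client enforces and the 1024-bit size proposed above. The sample source, the `_fake_prime_array` helper and the threshold names are constructed here and are not real DH primes.

```python
import re

# Floor enforced by the RHEL/CentOS openssl 1.0.1e-30.el6_6.9 client fix (per the report).
MIN_CLIENT_BITS = 768
# Largest size the report says older Java clients still accept.
MAX_JAVA_BITS = 1024

# Matches initialisers like: static unsigned char dh512_p[]= { 0xDA,0x58,... };
_ARRAY_RE = re.compile(r"static\s+unsigned\s+char\s+(\w+)\s*\[\]\s*=\s*\{([^}]*)\}")

def extract_byte_arrays(c_source):
    """Return {array_name: bytes} for every byte-array initialiser in the C source."""
    arrays = {}
    for name, body in _ARRAY_RE.findall(c_source):
        arrays[name] = bytes(int(tok, 16) for tok in re.findall(r"0x([0-9A-Fa-f]{1,2})", body))
    return arrays

def prime_bits(p_bytes):
    """Bit length of a big-endian DH prime, i.e. what BN_bin2bn() followed by BN_num_bits() gives."""
    return int.from_bytes(p_bytes, "big").bit_length()

def classify(bits):
    """Verdict for a DH prime of the given size, using the thresholds from the report."""
    if bits < MIN_CLIENT_BITS:
        return "too small: rejected by patched clients"
    if bits > MAX_JAVA_BITS:
        return "ok, but may break older Java clients"
    return "ok"

def audit(c_source):
    """Map each *_p array in the source to (bits, verdict); generator arrays (*_g) are skipped."""
    return {name: (prime_bits(data), classify(prime_bits(data)))
            for name, data in extract_byte_arrays(c_source).items()
            if name.endswith("_p")}

def _fake_prime_array(name, nbytes):
    # Constructed filler, not a prime: leading byte 0xDA gives exactly nbytes*8 significant bits.
    body = ",".join("0x%02X" % ((0xDA + i) & 0xFF) for i in range(nbytes))
    return "static unsigned char %s[]=\n{\n%s\n};\n" % (name, body)

# Constructed sample mimicking the 512-bit and 1024-bit arrays seen in the grep output.
SAMPLE_SOURCE = (_fake_prime_array("dh512_p", 64)
                 + _fake_prime_array("dh1024_p", 128)
                 + "static unsigned char dh512_g[]={ 0x02, };\n")

if __name__ == "__main__":
    for name, (bits, verdict) in sorted(audit(SAMPLE_SOURCE).items()):
        print("%-10s %5d bits  %s" % (name, bits, verdict))
```

Point `audit()` at the contents of a real vio/viosslfactories.c or extra/yassl/src/yassl.cpp to see which embedded parameter a build ships.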

It's clear that both upstream MySQL and Percona Server are affected (I've checked 5.6 branches below):

[openxs@chief mysql-server]$ git pull
Already up-to-date.
[openxs@chief mysql-server]$ grep -rn dh512_p *
extra/yassl/src/yassl.cpp:89: static unsigned char dh512_p[] =
extra/yassl/src/yassl.cpp:105: base.dh_->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0);
vio/viosslfactories.c:23:static unsigned char dh512_p[]=
vio/viosslfactories.c:42: dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
[openxs@chief mysql-server]$ grep -rn dh1024_p *
extra/yassl/testsuite/test.hpp:486: static unsigned char dh1024_p[] =
extra/yassl/testsuite/test.hpp:508: dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
[openxs@chief mysql-server]$ cd ../percona-server/
[openxs@chief percona-server]$ grep -rn dh512_p *
extra/yassl/src/yassl.cpp:89: static unsigned char dh512_p[] =
extra/yassl/src/yassl.cpp:105: base.dh_->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0);
vio/viosslfactories.c:23:static unsigned char dh512_p[]=
vio/viosslfactories.c:42: dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
[openxs@chief percona-server]$ grep -rn dh1024_p *
extra/yassl/testsuite/test.hpp:486: static unsigned char dh1024_p[] =
extra/yassl/testsuite/test.hpp:508: dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
[openxs@chief percona-server]$ git branch
* 5.6

Do you prefer to report upstream bug yourself to get a credit?

tags: added: upstream

Jacques Grove (aquarapid) wrote :

Logged upstream as http://bugs.mysql.com/77275

Chris Calender (chriscalender) wrote :

Fix will also appear in MariaDB 5.5.44.

The problem is also present in Ubuntu after installing http://www.ubuntu.com/usn/usn-2639-1/

Dan Benton (dogsbody) wrote :

How can we downgrade OpenSSL when it seems all the packages have been removed from the repos? :-/

$ sudo apt-get install openssl=1.0.1f-1ubuntu2.12
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Version '1.0.1f-1ubuntu2.12' for 'openssl' was not found

$ apt-cache showpkg openssl
[...]
Provides:
1.0.1f-1ubuntu2.15 -
1.0.1f-1ubuntu2 -

1.0.1f-1ubuntu2.15 is the version that has broken our databases :-/

Teodor Milkov (tm-del) wrote :

Percona MySQL Server is also broken on Debian now after DSA 3287-1 went live: https://lists.debian.org/debian-security-announce/2015/msg00182.html

Dan Benton (dogsbody) wrote :

Found the packages in the local cache on all our servers.

Rolled back with...
sudo dpkg -i /var/cache/apt/archives/libssl1.0.0_1.0.1f-1ubuntu2.12_amd64.deb
sudo dpkg -i /var/cache/apt/archives/openssl_1.0.1f-1ubuntu2.12_amd64.deb

David Busby (d-busby) on 2015-06-19
tags: added: security

Dan Benton (dogsbody) wrote :

Thank you for fixing this issue. Any ideas when a new package will be released to the repos so we can test it?

Hrvoje Matijakovic (hrvojem) wrote :

Packages are now available in our testing repos (https://www.percona.com/doc/percona-server/5.5/installation/apt_repo.html#percona-apt-testing-repository) so you can give them a try.

jolan (jolan) wrote :

Are xtradb cluster builds being done by a different team? I don't see an update for that in the testing repo.

Hrvoje Matijakovic (hrvojem) wrote :

@jolan - PXC will be fixed in the next/upcoming release.

Stephen Colebrook (scolebrook) wrote :

@hrvojem Any rough timeframe on when we might see that release?

tags: added: i57089

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-906
