tls_version can be set to any value
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MySQL Server |
Unknown
|
Unknown
|
||||
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.5 |
Triaged
|
Medium
|
Unassigned | |||
5.6 |
Triaged
|
Medium
|
Unassigned | |||
5.7 |
Triaged
|
Medium
|
Unassigned |
Bug Description
Percona Server has implemented protocol support for TLS 1.1 and TLS 1.2 by porting tls_version. Currently this variable can be set to any value without server complaining that protocol is nonexistent or unsupported (or falling back to default). To reproduce set the tls_version to any string and restart the server.
Percona Server 5.5:
mysql> SHOW VARIABLES LIKE 'tls_version';
+------
| Variable_name | Value |
+------
| tls_version | SSLv88 |
+------
1 row in set (0.00 sec)
mysql> SELECT @@VERSION;
+-------------+
| @@VERSION |
+-------------+
| 5.5.50-38.0 |
+-------------+
1 row in set (0.00 sec)
Percona Server 5.6:
mysql> SHOW VARIABLES LIKE 'tls_version';
+------
| Variable_name | Value |
+------
| tls_version | TLSv2.7 |
+------
1 row in set (0.00 sec)
mysql> SELECT @@VERSION;
+-------------+
| @@VERSION |
+-------------+
| 5.6.31-77.0 |
+-------------+
1 row in set (0.00 sec)
Percona Server 5.7:
mysql> SHOW VARIABLES LIKE 'tls_version';
+------
| Variable_name | Value |
+------
| tls_version | CRYPTOv7.2 |
+------
1 row in set (0.00 sec)
mysql> SELECT @@VERSION;
+-----------+
| @@VERSION |
+-----------+
| 5.7.13-6 |
+-----------+
1 row in set (0.00 sec)
tags: | added: upstream |
In 5.7, this is a fully upstream bug. In 5.5 and 5.6, we backported the upstream feature with this upstream bug included.