Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in man/Ssl_cipher_list, not supported
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MySQL Server | Unknown | Unknown | |
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | |
5.5 | Won't Fix | Medium | Laurynas Biveinis |
5.6 | Fix Released | Medium | Laurynas Biveinis |
5.7 | Fix Released | Medium | Laurynas Biveinis |

Bug Description
Description:
Cipher ECDHE-RSA-
How to repeat:
Download 5.7.15, start it with SSL support. Try to connect using ECDHE-RSA-
Suggested fix:
Support ECDHE-RSA-
Customer provided a patch which fixes the issue:
-bash-4.1$ cat patches/
--- percona-
+++ percona-
@@ -329,6 +329,7 @@
const long ssl_ctx_flags)
{
DH *dh;
+ EC_KEY *ecdh;
struct st_VioSSLFd *ssl_fd;
long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
int ret_set_cipherlist= 0;
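Review bot: the new `EC_KEY *ecdh;` declaration at the top of the function is unconditional and uninitialised. If this file can also be built against an SSL library or OpenSSL configuration without EC support (an assumption, since the visible lines show no guard either way), wrap the declaration and its later use in the matching preprocessor guard. Initialising it to NULL would also keep the later `EC_KEY_free` safe if an early exit is ever added between the two hunks.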
@@ -498,6 +499,18 @@
}
DH_free(dh);
+ /* ECDH stuff */
+ ecdh = EC_KEY_
+ if (! ecdh)
+ {
+ DBUG_PRINT("error", ("ECDH key fail"));
+ }
+ if (1 != SSL_CTX_
+ {
+ DBUG_PRINT("error", ("ECDH set fail"));
+ }
+ EC_KEY_free (ecdh);
+
DBUG_PRINT("exit", ("OK 1"));
DBUG_RETURN(
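Review bot: both failure branches in the ECDH block only log through `DBUG_PRINT` and then fall through. When the `EC_KEY_` allocation leaves `ecdh` NULL, the code still goes on to the `SSL_CTX_` call, and when either step fails the function continues to `DBUG_PRINT("exit", ("OK 1"))`, so the context is returned as good without ECDHE parameters. Because `DBUG_PRINT` produces nothing in non-debug builds, an operator would see only clients failing to negotiate ECDHE ciphers with no record of why. Suggest skipping the `SSL_CTX_` call when `ecdh` is NULL and reporting the failure through the function's error path or at least the server error log. Style: drop the stray spaces in `if (! ecdh)` and `EC_KEY_free (ecdh);`, and replace `/* ECDH stuff */` with a comment that says what is being configured.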
tags: added: contribution upstream
https://github.com/percona/percona-server/pull/1028
https://github.com/percona/percona-server/pull/1029