Please add support for for TLSv1.1 and TLSv1.2
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MySQL Server |
Unknown
|
Unknown
|
||||
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.5 |
Fix Released
|
High
|
Laurynas Biveinis | |||
5.6 |
Fix Released
|
High
|
Laurynas Biveinis | |||
5.7 |
Fix Released
|
High
|
Unassigned |
Bug Description
Originally reported at https:/
Currently MySQL only supports TLSv1 protocol and does not support TLSv1.1 and TLSv1.2 which are recommended to use. There is upstream bug with patch provided.
Please implement this patch for Percona Server with small difference: use TLS_method instead of deprecated SSLv23_method (https:/
diff --git a/vio/viosslfac
index 4ca8c74..35edd33 100644
--- a/vio/viosslfac
+++ b/vio/viosslfac
@@ -193,8 +193,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_
if (!(ssl_
- TLSv1_client_
- TLSv1_server_
+ TLS_client_method() :
+ TLS_server_
{
*error= SSL_INITERR_
DBUG_
--
2.1.0
Per notes here: https:/ /www.pcisecurit ystandards. org/documents/ Migrating_ from_SSL_ Early_TLS_ Information% 20Supplement_ v1.pdf TLS1.0 from June 30th 2016 will no longer be viable for PCI