SSL failing due to small DH key

Bug #1472701 reported by Stephen Colebrook
This bug affects 3 people
Affects: Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Opening a fresh bug report on Cluster as the issue has been marked as Fix Released on standalone but there have been no coding changes on GitHub for cluster to implement the fix.

Please see https://bugs.launchpad.net/percona-server/+bug/1462856 for details about this bug in the standalone server edition. This issue prevents SSL connections to any Percona XtraDB Cluster from any server with a fully patched openssl that requires 768-bit or more DH keys.

This issue should be considered a significant security issue as the only workarounds are to not use SSL connections, use a non-DH cipher or not upgrade openssl to an affected version (which introduces its own set of security issues).

Please port the patch from Percona Server to Cluster and issue a security release. This is a month old at this point and needs to be resolved as soon as possible.

Tags: ssl
information type: Private Security → Public Security
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1836
