Focal requires tls > mariadb rev has. ssl dead, websites down on upgrade

Bug #1885632 reported by Harry Coin on 2020-06-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-10.3 (Ubuntu)
Undecided
Unassigned

Bug Description

Mariadb 10.3 as provided by Ubuntu and shipped in LTS is compiled against YaSSL version 2.4.4, which supports a maximum tls version of 1.1 as I understand it. See: https://ubuntuforums.org/showthread.php?t=2420831

Focal minimum tls requirement is higher, tls v1.2 as discussed here: https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/3

As a result, all attempts to use ssl that worked pre-focal now hit a hard failure with such as:

ERROR 2026 (HY000): SSL connection error: The TLS connection was non-properly terminated.

and via libraries:

Unable to open database: SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Upstream offers a focal repository, so hopefully this won't be a hard one to merge into standard Ubuntu, since basically without some fix SSL/TLS via mariadb is broken entirely on an LTS version -- and that for 5 years, as they say, needs a close look. I suspect there are other compatibility issues preventing it, but as 'upgrading to focal' killed several web servers -- some sort of pragmatic work-around needs doing.

Until then:

sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://ftp.utexas.edu/mariadb/repo/10.5/ubuntu focal main'

Hope this helps someone...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers