enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #03995
[Bug 1401791] [NEW] openssl_1 tries to test a removed cipher on some platforms
Public bug reported:
Copy of http://bugs.mysql.com/bug.php?id=73281:
Server built with -DWITH_SSL=system on CentOS 7 fails to use EDH-RSA-
DES-CBC-SHA cipher, which has been removed there.
How to repeat:
Workaround bug 73280 and run openssl_1:
$ OPENSSL_ENABLE_MD5_VERIFY=yes ./mysql-test-run openssl_1
ain.openssl_1 [ fail ]
Test ended at 2014-07-13 15:32:17
CURRENT_TEST: main.openssl_1
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 217: command "$MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC-SHA" failed
Output from before failure:
exec of '/home/laurynas/percona/lp-mysql-server/5.5/obj-debug/client//mysql --defaults-file=/home/laurynas/percona/lp-mysql-server/5.5/obj-debug/mysql-test/var/my.cnf --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=EDH-RSA-DES-CBC-SHA' failed, error: 256, status: 1, errno: 0
Inspect openssl ciphers -v output to see that EDH-RSA-DES-CBC-SHA is not
present.
Suggested fix:
All DES ciphers have been removed from OpenSSL in CentOS 7 as weak, google openssl-1.0.1e-weak-ciphers.patch. If they are weak, then simply remove them from the testcase?
5.6 has replaced that cipher with AES256-SHA in the testcase, commit rev
5747. It references Bug #18047796 MTR TEST MAIN.OPENSSL_1 FAILS ON
FEDORA 19 WITH OPENSSL 1.0.1E, which appears to be the exact same issue.
Thus this bug is a backport request for 5.5.
** Affects: mysql-server
Importance: Unknown
Status: Unknown
** Affects: percona-server
Importance: Undecided
Status: Invalid
** Affects: percona-server/5.1
Importance: Undecided
Status: Invalid
** Affects: percona-server/5.5
Importance: Low
Assignee: Laurynas Biveinis (laurynas-biveinis)
Status: In Progress
** Affects: percona-server/5.6
Importance: Undecided
Status: Invalid
** Tags: ci upstream
** Also affects: percona-server/5.1
Importance: Undecided
Status: New
** Also affects: percona-server/5.5
Importance: Undecided
Status: New
** Also affects: percona-server/5.6
Importance: Undecided
Status: New
** Changed in: percona-server/5.1
Status: New => Invalid
** Changed in: percona-server/5.5
Status: New => In Progress
** Changed in: percona-server/5.6
Status: New => Invalid
** Changed in: percona-server/5.5
Importance: Undecided => Low
** Changed in: percona-server/5.5
Assignee: (unassigned) => Laurynas Biveinis (laurynas-biveinis)
** Tags added: ci upstream
** Bug watch added: MySQL Bug System #73281
http://bugs.mysql.com/bug.php?id=73281
** Also affects: mysql-server via
http://bugs.mysql.com/bug.php?id=73281
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to MySQL.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1401791
Title:
openssl_1 tries to test a removed cipher on some platforms
To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1401791/+subscriptions
Follow ups
References
