enterprise-support team mailing list archive

Thread
Date

[Bug 1501089] [NEW] Please add support for for TLSv1.1 and TLSv1.2

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Sveta Smirnova <sveta@xxxxxxxxxxxxx>
Date: Tue, 29 Sep 2015 22:28:38 -0000
Reply-to: Bug 1501089 <1501089@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Originally reported at https://bugs.mysql.com/bug.php?id=75239

Currently MySQL only supports TLSv1 protocol and does not support
TLSv1.1 and TLSv1.2 which are recommended to use. There is upstream bug
with patch provided.

Please implement this patch for Percona Server with small difference:
use TLS_method instead of deprecated SSLv23_method
(https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_new.html)

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 4ca8c74..35edd33 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -193,8 +193,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     DBUG_RETURN(0);
 
   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
-                                         TLSv1_client_method() :
-                                         TLSv1_server_method())))
+                                         TLS_client_method() :
+                                         TLS_server_method())))
   {
     *error= SSL_INITERR_MEMFAIL;
     DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-- 
2.1.0

** Affects: mysql-server
     Importance: Unknown
         Status: Unknown

** Affects: percona-server
     Importance: Undecided
         Status: Confirmed

** Affects: percona-server/5.5
     Importance: Undecided
         Status: Confirmed

** Affects: percona-server/5.6
     Importance: Undecided
         Status: Confirmed

** Affects: percona-server/5.7
     Importance: Undecided
         Status: Confirmed


** Tags: i59961

** Also affects: percona-server/5.7
   Importance: Undecided
       Status: New

** Also affects: percona-server/5.5
   Importance: Undecided
       Status: New

** Also affects: percona-server/5.6
   Importance: Undecided
       Status: Confirmed

** Bug watch added: MySQL Bug System #75239
   http://bugs.mysql.com/bug.php?id=75239

** Also affects: mysql-server via
   http://bugs.mysql.com/bug.php?id=75239
   Importance: Unknown
       Status: Unknown

** Changed in: percona-server/5.5
       Status: New => Confirmed

** Changed in: percona-server/5.7
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to MySQL.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1501089

Title:
  Please add support for for TLSv1.1 and TLSv1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1501089/+subscriptions

Follow ups

[Bug 1501089] Re: Please add support for for TLSv1.1 and TLSv1.2
From: Laurynas Biveinis, 2016-06-30
[Bug 1501089] Re: Please add support for for TLSv1.1 and TLSv1.2
From: Laurynas Biveinis, 2015-12-10