← Back to team overview

maria-developers team mailing list archive

Re: nariadb 10.1.13 fails with openssl on gentoo


Hi, Benny!

On Apr 17, Benny Pedersen wrote:
> if openssl works for othres i like to know a working my.cnf to make it
> work, i have added my ssql same way as used in dovecot / postfix, no ssl
> error in mysql, but openssl s_client -showcerts -connect
> says ssl23 fails, at best i see ssl3 tlsv1 fails, output is
> CONNECTED(00000003)

Of course, this cannot possibly work.

See the client-server protocol description, for example, here:

When the client connects, the server sends the initial handshake packet
(where the server announces that it supports SSL). The client replies
that it also supports SSL. Only then the server and client actually
start using SSL.

s_client does not know MariaDB/MySQL protocol, it cannot do this initial
protocol handshake, so you cannot use it to probe MariaDB or MySQL

Chief Architect MariaDB
and security@xxxxxxxxxxx