← Back to team overview

maria-discuss team mailing list archive

Re: Clarification about have_ssl and have_openssl variables


Hi, Peter!

On Feb 08, Peter Laursen wrote:
> MySQL documentation states
> https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_have_openssl
> simply states "This variable is an alias for have_ssl.". I checked with a
> few Oracle/MySQL installations that the two variables have identical
> values.
> But this is not the case on MariaDB (I checked my local Windows installs of
> 10.1 and 10.2). have_openssl is NO - have_ssl is YES|DISABLED.

Yes, it was changed about five years ago. "have_ssl" in MariaDB says
whether SSL support is available, while "have_openssl" says,
specifically, whether OpenSSL is compiled in.

So, if you have MariaDB built with YaSSL, have_ssl will be YES, while
have_openssl will be NO. While MySQL will lie that have_openssl=YES,
even if no OpenSSL is present.

This is documented both in the KB:
and in the server itself:

> Any thoughts on this? What can we do? We are affected as we use MariaDB
> Connector/C 2.33 currently

Use the variable that corresponds to the question you want to ask.
If you just want to know if any SSL support is present, check have_ssl,
if you're looking for OpenSSL in particular (for example, if you want to
know whether TLSv1.2 or some newer ciphers are possible ), check
have_openssl or version_ssl_library.

Chief Architect MariaDB
and security@xxxxxxxxxxx