Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-1737

LP #1622034: Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in man/Ssl_cipher_list, not supported

    Details

      Description

      **Reported in Launchpad by Sveta Smirnova last update 20-09-2016 09:02:04

      Description:
      Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in the list of supported ciphers at https://dev.mysql.com/doc/refman/5.7/en/secure-connection-protocols-ciphers.html, but practically it is not supported.

      How to repeat:
      Download 5.7.15, start it with SSL support. Try to connect using ECDHE-RSA-AES128-GCM-SHA256.

      Suggested fix:
      Support ECDHE-RSA-AES128-GCM-SHA256.

      Customer provided a patch which fixes the issue:

      -bash-4.1$ cat patches/viossl.patch
      — percona-server-5.6.31-77.0/vio/viosslfactories.c.orig 2016-07-26 02:51:18.881251868 +0000
      +++ percona-server-5.6.31-77.0/vio/viosslfactories.c 2016-07-26 18:30:45.016767477 +0000
      @@ -329,6 +329,7 @@
      const long ssl_ctx_flags)
      {
      DH *dh;
      + EC_KEY *ecdh;
      struct st_VioSSLFd *ssl_fd;
      long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
      int ret_set_cipherlist= 0;
      @@ -498,6 +499,18 @@
      }
      DH_free(dh);

      + /* ECDH stuff */
      + ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
      + if (! ecdh)
      +

      { + DBUG_PRINT("error", ("ECDH key fail")); + }

      + if (1 != SSL_CTX_set_tmp_ecdh (ssl_fd->ssl_context, ecdh))
      +

      { + DBUG_PRINT("error", ("ECDH set fail")); + }

      + EC_KEY_free (ecdh);
      +
      DBUG_PRINT("exit", ("OK 1"));

      DBUG_RETURN(ssl_fd);

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lpjirasync lpjirasync (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: