-
Type:
Bug
-
Status: Done
-
Priority:
High
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Launchpad URL:
**Reported in Launchpad by Sveta Smirnova last update 30-06-2016 07:19:46
Originally reported at https://bugs.mysql.com/bug.php?id=75239
Currently MySQL only supports TLSv1 protocol and does not support TLSv1.1 and TLSv1.2 which are recommended to use. There is upstream bug with patch provided.
Please implement this patch for Percona Server with small difference: use TLS_method instead of deprecated SSLv23_method (https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_new.html)
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 4ca8c74..35edd33 100644
— a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -193,8 +193,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0);
if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
- TLSv1_client_method() :
- TLSv1_server_method())))
+ TLS_client_method() :
+ TLS_server_method())))
{
*error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
2.1.0