| Bug #82935 | Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in man/Ssl_cipher_list, not supported | ||
|---|---|---|---|
| Submitted: | 9 Sep 2016 21:46 | Modified: | 13 Oct 8:15 |
| Reporter: | Sveta Smirnova (OCA) | Email Updates: | |
| Status: | Can't repeat | Impact on me: | |
| Category: | MySQL Server: Security: Encryption | Severity: | S3 (Non-critical) |
| Version: | 5.7.15 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[9 Sep 2016 21:46]
Sveta Smirnova
[19 Sep 2016 12:24]
MySQL Verification Team
Hello Sveta, Thank you for the report. Thanks, Umesh
[20 Sep 2016 10:14]
Laurynas Biveinis
Bug 82935 fix for 5.7 (*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.
Contribution: bug82935-5.7.patch (application/octet-stream, text), 19.19 KiB.
[20 Sep 2016 10:15]
Laurynas Biveinis
Bug 82935 fix for 8.0 (*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.
Contribution: bug82935-8.0.patch (application/octet-stream, text), 19.87 KiB.
[14 Apr 2017 9:06]
Laurynas Biveinis
Bug 82935 fix for 8.0.1
Attachment: bug82935-8.0.1.patch (application/octet-stream, text), 20.00 KiB.
[4 Aug 2017 19:28]
Laurynas Biveinis
Bug 82935 fix for 8.0.2
Attachment: bug82935-8.0.2.patch (application/octet-stream, text), 20.35 KiB.
[1 Feb 2018 10:45]
Laurynas Biveinis
Bug 82935 fix for 8.0.4
Attachment: bug82935-8.0.4.patch (application/octet-stream, text), 23.58 KiB.
[1 Feb 2018 10:49]
Laurynas Biveinis
Fix updated for 8.0.4. The main difference is in MTR due to OpenSSL 1.1 support. The latter version also negotiates EC ciphers by default, while my patch enables that for OpenSSL 1.0. A nice side effect in testsuite is that all OpenSSL-specific testcases now always negotiate the same EC cipher, thus dropped a few --replace_result replacements and the whole previously-contributed main.ssl_ecdh became redundant. (It is very annoying that bugs with Contributions in Accepted state cannot receive new contributions)
[13 Jun 2018 12:16]
Laurynas Biveinis
Bug 82935 fix for 8.0.11
Attachment: bug82935-8.0.11.patch (application/octet-stream, text), 31.08 KiB.
[13 Jun 2018 12:16]
Laurynas Biveinis
Contributed patch updated for 8.0.11. WolfSSL compatibility not ensured due to bug 91010.
[13 Oct 8:15]
Georgi Kodinov
Posted by developer:

Tried with the latest trunk. It's working. Note that this is a TLS v1.2 cipher. Please re-open with concrete steps to reproduce if still valid:

```
[gkodinov@compile-el9-02 mysql-test]$ ../runtime_output_directory/mysql -u root --protocol=tcp --socket=20202 --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --port=20202 --tls-version=tlsv1.2
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 9.6.0-debug Source distribution

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
../runtime_output_directory/mysql Ver 9.6.0 for Linux on x86_64 (Source distribution)

Connection id: 10
Current database:
Current user: root@localhost
SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256
Current pager: stdout
Using outfile: '
Using delimiter: ;
Server version: 9.6.0-debug Source distribution
Protocol version: 10
Connection: localhost via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
TCP port: 20202
Binary data as: Hexadecimal
Uptime: 31 sec

Threads: 2 Questions: 6 Slow queries: 0 Opens: 119 Flush tables: 3 Open tables: 38 Queries per second avg: 0.193
--------------

mysql> select @@ssl_cipher;
+--------------+
| @@ssl_cipher |
+--------------+
| NULL         |
+--------------+
1 row in set (0.001 sec)
```
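An added example, not part of the bug report or of MySQL's code: before putting names into `--ssl-cipher`, this asks the local OpenSSL build (through Python's `ssl` module) whether it resolves each name and which protocol version and key exchange the suite belongs to. It covers the library side only, not whether a particular server negotiates the suite; the function names and the sample cipher string are constructed for illustration.

```python
import ssl


def describe_cipher(name):
    """Report how the local OpenSSL build resolves one exact cipher-suite name."""
    unknown = {"name": name, "known": False, "protocol": None, "kx": None, "auth": None}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Raises ssl.SSLError when the string selects no cipher at all.
        ctx.set_ciphers(name)
    except ssl.SSLError:
        return unknown
    # set_ciphers() only governs TLS 1.2-and-below suites; TLS 1.3 suites stay
    # in the context's list, so match on the exact name rather than taking
    # the first entry.
    for entry in ctx.get_ciphers():
        if entry["name"] == name:
            return {
                "name": name,
                "known": True,
                "protocol": entry["protocol"],   # e.g. "TLSv1.2"
                "kx": entry.get("kea"),          # e.g. "kx-ecdhe"
                "auth": entry.get("auth"),       # e.g. "auth-rsa"
            }
    # The string was a valid selector (such as a pattern) but not a suite name.
    return unknown


def audit_cipher_list(cipher_string):
    """Split a colon-separated cipher list and describe each entry in order."""
    names = [n.strip() for n in cipher_string.split(":") if n.strip()]
    return [describe_cipher(n) for n in names]


if __name__ == "__main__":
    # Constructed sample: the cipher from this report plus a deliberately bogus name.
    sample = "ECDHE-RSA-AES128-GCM-SHA256:NOT-A-REAL-CIPHER"
    print("OpenSSL in use:", ssl.OPENSSL_VERSION)
    for row in audit_cipher_list(sample):
        if row["known"]:
            print(f'{row["name"]}: {row["protocol"]}, {row["kx"]}, {row["auth"]}')
        else:
            print(f'{row["name"]}: not resolved by this OpenSSL build')
```

A suite reported as `TLSv1.2` here is only selected when the connection is allowed to use that protocol version, which is why the session above passes `--tls-version=tlsv1.2` alongside `--ssl-cipher`.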
