Description:
Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in the list of supported ciphers at https://dev.mysql.com/doc/refman/5.7/en/secure-connection-protocols-ciphers.html, but practically it is not supported.

How to repeat:
Download 5.7.15, start it with SSL support. Try to connect using ECDHE-RSA-AES128-GCM-SHA256.

Suggested fix:
Support ECDHE-RSA-AES128-GCM-SHA256.

Hello Sveta,

Thank you for the report.

Thanks,
Umesh

Bug 82935 fix for 5.7

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug82935-5.7.patch (application/octet-stream, text), 19.19 KiB.

Bug 82935 fix for 8.0

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: bug82935-8.0.patch (application/octet-stream, text), 19.87 KiB.

Bug 82935 fix for 8.0.1

Attachment: bug82935-8.0.1.patch (application/octet-stream, text), 20.00 KiB.

Bug 82935 fix for 8.0.2

Attachment: bug82935-8.0.2.patch (application/octet-stream, text), 20.35 KiB.

Bug 82935 fix for 8.0.4

Attachment: bug82935-8.0.4.patch (application/octet-stream, text), 23.58 KiB.

Fix updated for 8.0.4. The main difference is in MTR due to OpenSSL 1.1 support. The latter version also negotiates EC ciphers by default, while my patch enables that for OpenSSL 1.0. A nice side effect in testsuite is that all OpenSSL-specific testcases now always negotiate the same EC cipher, thus dropped a few --replace_result replacements and the whole previously-contributed main.ssl_ecdh became redundant.

(It is very annoying that bugs with Contributions in Accepted state cannot receive new contributions)

Bug 82935 fix for 8.0.11

Attachment: bug82935-8.0.11.patch (application/octet-stream, text), 31.08 KiB.

Contributed patch updated for 8.0.11. WolfSSL compatibility not ensured due to bug 91010.