Bug #77275 Newest RHEL/CentOS openssl update breaks mysql DHE ciphers
Submitted: 8 Jun 2015 17:38 Modified: 19 Jun 2015 17:22
Reporter: Jacques Grove Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Security: Encryption Severity:S2 (Serious)
Version: OS:Linux (RHEL 6.6)
Assigned to: CPU Architecture:Any
Tags: SSL

[8 Jun 2015 17:38] Jacques Grove
The newest RHEL/CentOS/SL 6.6 openssl package (1.0.1e-30.el6_6.9 ; published around 6/4/2015) contains a fix for CVE-2015-4000 (LogJam) . RedHat's fix for this was to limit the use of any SSL DH key sizes to a minimum of 768 bits. This breaks any DHE SSL ciphers for MySQL clients as soon as you install the openssl update, since in vio/viosslfactories.c , the default DHPARAM is a 512 bit one. As far as I can tell this cannot be changed in configuration/runtime; and needs a recompile.

How to repeat:
 If a user on a MySQL 5.6.23 server is configured with grant "require SSL", and the client (using the updated openssl package:  1.0.1e-30.el6_6.9) executes:
  # mysql -u user -h serverhostname --ssl --ssl-cipher=DHE-RSA-AES256-SHA -p
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

Using a non-DHE cipher works fine, e.g.:

# mysql -u user -h serverhostname --ssl --ssl-cipher=AES256-SHA -p

The same problem will also occur for any supported DHE cipher.  Any non-DHE cipher will work as expected.

  * Downgrade the client openssl package to any version before 1.0.1e-30.el6_6.9; e.g. 0:1.0.1e-30.el6_6.8
  * Alternatively, do not use DH ciphers. This is not acceptable because the supported non-DH ciphers do not afford any PFS protection.

Suggested fix:
Solution is for the server to present a 1024 bit DH param. This would:

 * Avoid the problem with "fixed" client libraries.
 * Still be small enough to avoid problems with some clients (e.g. older Java versions do not like DH params > 1024 bit)
 * Improve security in general.

To achieve this, we should probably include this RedHat patch:

[9 Jun 2015 8:09] Terje Røsten
Verified, this is request for backport of:

[19 Jun 2015 17:22] Paul Dubois
Noted in 5.5.45, 5.6.26 changelogs.

The key length used in vio/viosslfactories.c for creating
Diffie-Hellman keys has been increased from 512 to 2,048 bits.