Bug #88865 Add in ECC SSL Support
Submitted: 11 Dec 2017 21:27 Modified: 7 Oct 2020 12:56
Reporter: Guest User
Status: Not a Bug
Category: MySQL Server Severity: S4 (Feature request)
Version: 5.7.20 OS: Windows (10)
Assigned to: CPU Architecture: Any

[11 Dec 2017 21:27] Guest User
Description:
Please give MySQL Server ECC SSL support.

How to repeat:
Setting an ECC private key (aka: -----BEGIN EC PRIVATE KEY-----) as the SSL private key produces an error.

Suggested fix:
Implement support for ECC private keys.
[29 Dec 2017 20:50] Daniël van Eeden
Related:
Bug #71271 MySQL fails to load PKCS#8 private key with YaSSL
[22 Aug 2018 20:19] Guest User
Is it related?

I haven't checked, but was it addressed in 8.0?
[10 Jan 2019 18:52] Jonathan Champ
MySQL 8 community binaries use OpenSSL so it should be fine with the PKCS encoding, but our initial tests still indicate that it doesn't work with an EC private key even if we change the PKCS headers.

There's also no documentation on how to make it work or an equivalent helper script like mysql_ssl_ec_setup.
[15 Jan 2019 15:48] Daniël van Eeden
EC works with:
- MySQL 5.7.24 (compiled against OpenSSL, not the default YaSSL)
- MySQL 8.0.13

Private key as PKCS#8:

openssl ec -in mysql.key -noout -text
read EC key
Private-Key: (256 bit)
priv:
<censored>
pub: 
<censored>
ASN1 OID: prime256v1
NIST CURVE: P-256

The private key starts with '-----BEGIN PRIVATE KEY-----'.
You can use "openssl ec -in mysql.key -out mysql_2.key" to convert it from PKCS#8 to the traditional format.
Then mysql_2.key starts with '-----BEGIN EC PRIVATE KEY-----'.

Public key:

openssl x509 -in mysql.crt -noout -text
...
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
<censored>
                ASN1 OID: prime256v1
                NIST CURVE: P-256

...
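
A small checker for the two key encodings discussed in the comment above, as an added example that is not part of the original thread or of MySQL's code: it reports whether a PEM key is PKCS#8 or the traditional form and, for PKCS#8, the algorithm and named curve, without printing key material. The function names and the sample key are constructed for illustration; the OID names are the ones openssl prints above.

```python
import base64
import re

OIDS = {"1.2.840.10045.2.1": "id-ecPublicKey", "1.2.840.10045.3.1.7": "prime256v1"}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def oid_name(body):
    """Decode a DER OID body (first arc 0 or 1) to its name or dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def describe_key(pem):
    """Report container format, algorithm and curve without printing key material."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    if m.group(1) != "PRIVATE KEY":  # e.g. "EC PRIVATE KEY" is the traditional form
        return {"format": m.group(1), "algorithm": None, "curve": None}
    _, info, _ = read_tlv(base64.b64decode(m.group(2)), 0)  # PrivateKeyInfo
    _, _, pos = read_tlv(info, 0)                            # version
    _, alg, _ = read_tlv(info, pos)                          # AlgorithmIdentifier
    _, alg_oid, pos = read_tlv(alg, 0)
    tag, params, _ = read_tlv(alg, pos) if pos < len(alg) else (None, b"", pos)
    curve = oid_name(params) if tag == 0x06 else None        # named curve only
    return {"format": "PKCS#8", "algorithm": oid_name(alg_oid), "curve": curve}

def tlv(tag, body):  # encoder for the sample below; short-form lengths only
    return bytes([tag, len(body)]) + body

def sample_pkcs8_ec_pem():
    """Constructed test key (scalar is bytes 1..32, no public part); not a real key."""
    oids = tlv(6, bytes.fromhex("2a8648ce3d0201")) + tlv(6, bytes.fromhex("2a8648ce3d030107"))
    sec1 = tlv(0x30, tlv(2, b"\x01") + tlv(4, bytes(range(1, 33))))
    der = tlv(0x30, tlv(2, b"\x00") + tlv(0x30, oids) + tlv(4, sec1))
    return "-----BEGIN PRIVATE KEY-----\n%s-----END PRIVATE KEY-----\n" % base64.encodebytes(der).decode()
```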
[7 Oct 2020 12:56] MySQL Verification Team
Thank you, Daniel.

Not a bug.