Bug #90108 status announces that ssl is in use but ssl_chiper is empty on 5.6
Submitted: 16 Mar 2018 11:46 Modified: 16 Mar 2018 18:20
Reporter: NÉSTOR CHACÓN Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Security: Encryption Severity:S3 (Non-critical)
Version:5.6 OS:Ubuntu
Assigned to: CPU Architecture:x86
Tags: ssl cihper

[16 Mar 2018 11:46] NÉSTOR CHACÓN 
Description:
when SSL is in use, status shows the cipher in use:

#$mysql -h host --ssl --ssl-verify-server-cert --ssl-ca=ca.pem
--ssl-cert=cert.pem --ssl-key=key.pem -u user -p

mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.6.23, for Linux (x86_64) using  EditLine wrapper

Connection id:          1051
Current database:
Current user:           xxx@0.0.0.0
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.6.23 MySQL Community Server (GPL)
Protocol version:       10
Connection:             fakehost.fakedomain via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
TCP port:               3306

But the variable ssl_cipher remains empty.

mysql> show variables like "ssl_cipher";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| ssl_cipher    |       |
+---------------+-------+
1 row in set (0.00 sec)

mysql>

How to repeat:
Configure and use SSL

Suggested fix:
Show the correct value en var ssl_chiper
[16 Mar 2018 18:20] MySQL Verification Team 
Thank you for the bug report.

https://dev.mysql.com/doc/refman/5.6/en/encrypted-connection-protocols-ciphers.html

Your MySQL connection id is 1
Server version: 5.6.41-log Source distribution 2018-MAR-08

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.6 > SHOW SESSION STATUS LIKE 'Ssl_cipher_list'\G
*************************** 1. row ***************************
Variable_name: Ssl_cipher_list
        Value: DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA:AES256-RMD:AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA
1 row in set (0.00 sec)

[mysqld]
basedir=c:\dbs\5.6
datadir=c:\dbs\5.6\data
<CUT>
log-bin
server-id=20
ssl-ca=ca.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
ssl-cipher= DHE-RSA-AES256-SHA

Your MySQL connection id is 1
Server version: 5.6.41-log Source distribution 2018-MAR-08

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.6 > \s
--------------
c:\dbs\5.6\bin\mysql  Ver 14.14 Distrib 5.6.41, for Win64 (x86_64)

Connection id:          1
Current database:
Current user:           root@localhost
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Using delimiter:        ;
Server version:         5.6.41-log Source distribution 2018-MAR-08
Protocol version:       10
Connection:             localhost via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    cp850
Conn.  characterset:    cp850
TCP port:               3560
Uptime:                 27 sec

Threads: 1  Questions: 5  Slow queries: 0  Opens: 70  Flush tables: 1  Open tables: 63  Queries per second avg: 0.185
--------------

mysql 5.6 > show variables like "ssl_cipher";
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)