Bug #96887 MYSQL SERVER DOESN'T SET TIMEOUT FOR TLS/SSL SESSIONS CORRECTLY
Submitted: 16 Sep 13:10 Modified: 17 Sep 7:30
Reporter: Przemysław Skibiński (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Encryption Severity:S3 (Non-critical)
Version:8.0.16, 8.0.17 OS:Any
Assigned to: CPU Architecture:Any

[16 Sep 13:10] Przemysław Skibiński
Description:
It seems that the fix for
Bug#27655457 - MYSQL SERVER DOESN'T SET TIMEOUT FOR TLS/SSL
               SESSIONS CORRECTLY
was introduced at https://github.com/mysql/mysql-server/commit/75793b2a50f
and reverted with https://github.com/mysql/mysql-server/commit/c1fffc3c651

I don't think it was intentional.

How to repeat:
Lokk for
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
in ssl_do() in vio/viossl.cc

Suggested fix:
Remove 
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
from ssl_do()
[17 Sep 7:30] Umesh Shastry
Hello Przemysław,

Thank you for the report and feedback.

Thanks,
Umesh