| Bug #96887 | MYSQL SERVER DOESN'T SET TIMEOUT FOR TLS/SSL SESSIONS CORRECTLY | ||
|---|---|---|---|
| Submitted: | 16 Sep 2019 13:10 | Modified: | 17 Sep 2019 7:30 |
| Reporter: | Przemysław Skibiński (OCA) | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Security: Encryption | Severity: | S3 (Non-critical) |
| Version: | 8.0.16, 8.0.17 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
[17 Sep 2019 7:30]
MySQL Verification Team
Hello Przemysław, Thank you for the report and feedback. Thanks, Umesh
Description: It seems that the fix for Bug#27655457 - MYSQL SERVER DOESN'T SET TIMEOUT FOR TLS/SSL SESSIONS CORRECTLY was introduced at https://github.com/mysql/mysql-server/commit/75793b2a50f and reverted with https://github.com/mysql/mysql-server/commit/c1fffc3c651 I don't think it was intentional. How to repeat: Lokk for SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); in ssl_do() in vio/viossl.cc Suggested fix: Remove SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); from ssl_do()