diff -up mysql-5.5.21/client/mysqltest.cc.cipherspec mysql-5.5.21/client/mysqltest.cc --- mysql-5.5.21/client/mysqltest.cc.cipherspec 2012-01-31 12:28:16.000000000 +0100 +++ mysql-5.5.21/client/mysqltest.cc 2012-03-09 14:36:57.437295812 +0100 @@ -5458,6 +5458,7 @@ void do_connect(struct st_command *comma my_bool con_ssl= 0, con_compress= 0; my_bool con_pipe= 0, con_shm= 0; struct st_connection* con_slot; + char *con_cipher=NULL; static DYNAMIC_STRING ds_connection_name; static DYNAMIC_STRING ds_host; @@ -5546,6 +5547,8 @@ void do_connect(struct st_command *comma con_pipe= 1; else if (!strncmp(con_options, "SHM", 3)) con_shm= 1; + else if (!strncmp(con_options, "CIPHER:", 7)) + con_cipher = con_options + 7; else die("Illegal option to connect: %.*s", (int) (end - con_options), con_options); @@ -5593,8 +5596,11 @@ void do_connect(struct st_command *comma if (con_ssl) { #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) + /* default cipher */ + if (con_cipher == NULL && opt_ssl_cipher != NULL) + con_cipher = opt_ssl_cipher; mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, - opt_ssl_capath, opt_ssl_cipher); + opt_ssl_capath, con_cipher); #if MYSQL_VERSION_ID >= 50000 /* Turn on ssl_verify_server_cert only if host is "localhost" */ opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost"); diff -up mysql-5.5.21/mysql-test/t/openssl_1.test.cipherspec mysql-5.5.21/mysql-test/t/openssl_1.test --- mysql-5.5.21/mysql-test/t/openssl_1.test.cipherspec 2012-03-09 14:36:48.384331508 +0100 +++ mysql-5.5.21/mysql-test/t/openssl_1.test 2012-03-09 14:36:53.585736872 +0100 @@ -20,13 +20,13 @@ grant select on test.* to ssl_user4@loca grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL); -connect (con2,localhost,ssl_user2,,,,,SSL); -connect (con3,localhost,ssl_user3,,,,,SSL); -connect (con4,localhost,ssl_user4,,,,,SSL); +connect (con1,localhost,ssl_user1,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); +connect (con2,localhost,ssl_user2,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); +connect (con4,localhost,ssl_user4,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL); +connect (con5,localhost,ssl_user5,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); connection con1; # Check ssl turned on @@ -244,7 +244,7 @@ select 'is still running; no cipher requ GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; -connect(con1,localhost,bug42158,,,,,SSL); +connect(con1,localhost,bug42158,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); SHOW STATUS LIKE 'Ssl_cipher'; disconnect con1; connection default; diff -up mysql-5.5.21/mysql-test/t/ssl_8k_key.test.cipherspec mysql-5.5.21/mysql-test/t/ssl_8k_key.test --- mysql-5.5.21/mysql-test/t/ssl_8k_key.test.cipherspec 2012-01-31 12:28:15.000000000 +0100 +++ mysql-5.5.21/mysql-test/t/ssl_8k_key.test 2012-03-09 14:36:48.384331508 +0100 @@ -2,7 +2,7 @@ # # Bug#29784 YaSSL assertion failure when reading 8k key. # ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem --ssl-cipher=DHE-RSA-AES256-SHA -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 ## This test file is for testing encrypted communication only, not other ## encryption routines that the SSL library happens to provide! diff -up mysql-5.5.21/mysql-test/t/ssl_compress.test.cipherspec mysql-5.5.21/mysql-test/t/ssl_compress.test --- mysql-5.5.21/mysql-test/t/ssl_compress.test.cipherspec 2012-01-31 12:28:15.000000000 +0100 +++ mysql-5.5.21/mysql-test/t/ssl_compress.test 2012-03-09 14:36:53.586736758 +0100 @@ -7,7 +7,7 @@ # Save the initial number of concurrent sessions --source include/count_sessions.inc -connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS); +connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS CIPHER:DHE-RSA-AES256-SHA); # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher'; diff -up mysql-5.5.21/mysql-test/t/ssl.test.cipherspec mysql-5.5.21/mysql-test/t/ssl.test --- mysql-5.5.21/mysql-test/t/ssl.test.cipherspec 2012-01-31 12:28:15.000000000 +0100 +++ mysql-5.5.21/mysql-test/t/ssl.test 2012-03-09 14:36:53.587736644 +0100 @@ -6,7 +6,7 @@ # Save the initial number of concurrent sessions --source include/count_sessions.inc -connect (ssl_con,localhost,root,,,,,SSL); +connect (ssl_con,localhost,root,,,,,SSL CIPHER:DHE-RSA-AES256-SHA); # Check ssl turned on SHOW STATUS LIKE 'Ssl_cipher';