commit c7e194b915f9f725d22d2ea336d1b75f19040569
Author: Laurynas Biveinis
Date: Tue Sep 20 13:11:33 2016 +0300
Fix bug 82935 / PS-1737 (Cipher ECDHE-RSA-AES128-GCM-SHA256 listed in man/Ssl_cipher_list, not supported)
Invoke OpenSSL eliptic curve setup functions so that EC-DHE ciphers are supported. Do this conditionally if the SSL library supports EC.
Re-record testcases which now negotiate EC ciphers by default.
diff --git a/mysql-test/r/ssl_crl.result b/mysql-test/r/ssl_crl.result
index 08b47ecd01a..fff6b0a5d66 100644
--- a/mysql-test/r/ssl_crl.result
+++ b/mysql-test/r/ssl_crl.result
@@ -28,8 +28,8 @@ ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem
 # try to connect with '--ssl-crl' option using tilde home directoy
 # path substitution : should connect
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
 # try to connect with '--ssl-crlpath' option using tilde home directoy
 # path substitution : should connect
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
diff --git a/mysql-test/suite/auth_sec/r/openssl_cert_generation.result b/mysql-test/suite/auth_sec/r/openssl_cert_generation.result
index a70192115b1..a10d70e1e67 100644
--- a/mysql-test/suite/auth_sec/r/openssl_cert_generation.result
+++ b/mysql-test/suite/auth_sec/r/openssl_cert_generation.result
@@ -44,7 +44,7 @@ Pattern "Auto generated SSL certificates are placed in data directory." found
 # Ensure that RSA files are not there in data directory
 # Ensure that server is ssl enabled
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
 # Test 4 : RSA key pair
 # 4.1 : Restarting mysqld with :
 # --sha256_password_auto_generate_rsa_keys=1
@@ -92,7 +92,7 @@ Warnings:
 Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
 # Should be able to connect to server using generated SSL certificates.
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
 # Should be able to connect to server using RSA key pair.
 current_user()
 wl7699_sha256@%
@@ -130,7 +130,7 @@ sha256_password_public_key_path public_key.pem
 # 6.3 : SSL connection
 # Should be able to connect to server using generated SSL certificates.
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
 # 6.4 : SHA256_password user
 create user wl7699_sha256 identified with 'sha256_password';
 grant usage on *.* to wl7699_sha256 identified by 'abcd';
@@ -138,7 +138,7 @@ Warnings:
 Warning 1287 Using GRANT statement to modify existing user's properties other than privileges is deprecated and will be removed in future release. Use ALTER USER statement for this operation.
 # Should be able to connect to server using generated SSL certificates.
 Variable_name Value
-Ssl_cipher SSL_CIPHER
+Ssl_cipher ECDHE-RSA-AES128-GCM-SHA256
 # Should be able to connect to server using RSA key pair.
 current_user()
 wl7699_sha256@%
diff --git a/mysql-test/suite/auth_sec/t/mysql_ssl_connection.test b/mysql-test/suite/auth_sec/t/mysql_ssl_connection.test
index 6da5f80f1c7..d52e2e5b94f 100644
--- a/mysql-test/suite/auth_sec/t/mysql_ssl_connection.test
+++ b/mysql-test/suite/auth_sec/t/mysql_ssl_connection.test
@@ -7,7 +7,7 @@ connection default;
 CREATE USER u_20693153@localhost IDENTIFIED BY 'abcd';
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --protocol=TCP -uu_20693153 -pabcd --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem -e "SHOW STATUS LIKE 'Ssl_cipher';"
 DROP USER u_20693153@localhost;
diff --git a/mysql-test/suite/auth_sec/t/openssl_cert_generation.test b/mysql-test/suite/auth_sec/t/openssl_cert_generation.test
index 998393173d6..d129eb6c123 100644
--- a/mysql-test/suite/auth_sec/t/openssl_cert_generation.test
+++ b/mysql-test/suite/auth_sec/t/openssl_cert_generation.test
@@ -182,7 +182,6 @@ let SEARCH_PATTERN= Auto generated SSL certificates are placed in data directory
 --file_exists $MYSQLTEST_VARDIR/mysqld.1/data/public_key.pem
 --echo # Ensure that server is ssl enabled
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
 #-----------------------------------------------------------------------------
@@ -284,7 +283,6 @@ grant usage on *.* to wl7699_sha256 identified by 'abcd';
 # Using SSL certificates
 --echo # Should be able to connect to server using generated SSL certificates.
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
 # Using RSA key pair
 --echo # Should be able to connect to server using RSA key pair.
@@ -350,7 +348,6 @@ show variables like 'sha256%';
 --echo # 6.3 : SSL connection
 --echo # Should be able to connect to server using generated SSL certificates.
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
@@ -361,7 +358,6 @@ grant usage on *.* to wl7699_sha256 identified by 'abcd';
 # Using SSL certificates
 --echo # Should be able to connect to server using generated SSL certificates.
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uwl7699_sha256 -pabcd --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher'"
 # Using RSA key pair
 --echo # Should be able to connect to server using RSA key pair.
diff --git a/mysql-test/suite/auth_sec/t/ssl_auto_detect.test b/mysql-test/suite/auth_sec/t/ssl_auto_detect.test
index b053bf10806..9fe7771676f 100644
--- a/mysql-test/suite/auth_sec/t/ssl_auto_detect.test
+++ b/mysql-test/suite/auth_sec/t/ssl_auto_detect.test
@@ -53,7 +53,7 @@ let SEARCH_PATTERN= CA certificate .* is self signed.;
 --echo # Try to establish SSL connection : This must succeed.
 connect (ssl_root_1,localhost,root,,,,,SSL);
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW VARIABLES LIKE 'have_ssl';
@@ -67,7 +67,7 @@ connection default;
 disconnect ssl_root_1;
 --echo # Connect using mysql client : This must succeed.
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher';"
@@ -139,7 +139,7 @@ let SEARCH_PATTERN= CA certificate .* is self signed.;
 --source include/search_pattern.inc
 --echo # Try creating SSL connection
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL -uroot --ssl-mode=REQUIRED -e "show status like 'Ssl_cipher';"
diff --git a/mysql-test/suite/auth_sec/t/tls.test b/mysql-test/suite/auth_sec/t/tls.test
index 212d7b72651..3a34bb32165 100644
--- a/mysql-test/suite/auth_sec/t/tls.test
+++ b/mysql-test/suite/auth_sec/t/tls.test
@@ -42,7 +42,7 @@ if ($openssl == 'Rsa_public_key'){
 --exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_version'"
 --echo #T2: Default SSL cipher
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_cipher'"
 --echo #T3: Setting TLS version TLSv1.2 (for yassl TLSv1.1) from the client
diff --git a/mysql-test/t/mysql_ssl_default.test b/mysql-test/t/mysql_ssl_default.test
index 9560874e2d5..628347ee0ed 100644
--- a/mysql-test/t/mysql_ssl_default.test
+++ b/mysql-test/t/mysql_ssl_default.test
@@ -11,15 +11,15 @@
 --echo # verify that mysql default connect with ssl channel when using TCP/IP
 --echo # connection
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_cipher'"
 --echo # verify that mysql --ssl=0 connect with unencrypted channel
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_cipher'" --ssl-mode=DISABLED
 --echo # verify that mysql --ssl=1 connect with ssl channel
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --host=127.0.0.1 -P $MASTER_MYPORT -e "SHOW STATUS like 'Ssl_cipher'" --ssl-mode=REQUIRED
 CREATE USER u1@localhost IDENTIFIED BY 'secret' REQUIRE SSL;
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 4495d3b2ca7..e15bbae4485 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -24,13 +24,13 @@ connection default;
 disconnect con0;
 grant select on test.* to ssl_user1@localhost require SSL;
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 -- eval grant select on test.* to ssl_user2@localhost require cipher $cipher_val
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 -- eval grant select on test.* to ssl_user3@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 -- eval grant select on test.* to ssl_user4@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 -- eval grant select on test.* to ssl_user5@localhost require cipher $cipher_val AND SUBJECT "xxx"
 flush privileges;
@@ -44,7 +44,7 @@ connect (con5,localhost,ssl_user5,,,,,SSL);
 connection con1;
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -52,7 +52,7 @@ delete from t1;
 connection con2;
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -60,7 +60,7 @@ delete from t1;
 connection con3;
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -68,7 +68,7 @@ delete from t1;
 connection con4;
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 select * from t1;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -146,7 +146,7 @@ drop table t1;
 # verification of servers certificate by setting both ca certificate
 # and ca path to NULL
 #
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-mode=REQUIRED --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
 --echo End of 5.0 tests
@@ -277,7 +277,7 @@ select 'is still running; no cipher request crashed the server' as result from d
 GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
 FLUSH PRIVILEGES;
 connect(con1,localhost,bug42158,,,,,SSL);
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 disconnect con1;
 connection default;
diff --git a/mysql-test/t/plugin_auth_sha256_tls.test b/mysql-test/t/plugin_auth_sha256_tls.test
index 122d2ffebf2..58fb38dcd7c 100644
--- a/mysql-test/t/plugin_auth_sha256_tls.test
+++ b/mysql-test/t/plugin_auth_sha256_tls.test
@@ -1,7 +1,7 @@
 --source include/have_ssl.inc
 connect (ssl_con,localhost,root,,,,,SSL);
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password';
diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test
index eaab810895e..1af92c03191 100644
--- a/mysql-test/t/ssl.test
+++ b/mysql-test/t/ssl.test
@@ -11,7 +11,7 @@ connect (ssl_con,localhost,root,,,,,SSL);
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 # Check ssl expiration
@@ -22,7 +22,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after';
 -- source include/common-tests.inc
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 connection default;
diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test
index f01f8dfeef5..a68849fa227 100644
--- a/mysql-test/t/ssl_8k_key.test
+++ b/mysql-test/t/ssl_8k_key.test
@@ -4,7 +4,7 @@
 #
 # Bug#29784 YaSSL assertion failure when reading 8k key.
 #
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-mode=REQUIRED --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
 ## This test file is for testing encrypted communication only, not other
diff --git a/mysql-test/t/ssl_ca.test b/mysql-test/t/ssl_ca.test
index 70bea2867e0..946da5ace69 100644
--- a/mysql-test/t/ssl_ca.test
+++ b/mysql-test/t/ssl_ca.test
@@ -9,7 +9,7 @@
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
 --echo # try to connect with correct '--ssl-ca' path : should connect
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 --echo #
@@ -21,15 +21,15 @@
 --echo # try to connect with '--ssl-ca' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-ca=$mysql_test_dir_path/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 --echo # try to connect with '--ssl-key' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$mysql_test_dir_path/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 --echo # try to connect with '--ssl-cert' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$mysql_test_dir_path/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test
index c18c37acbbb..2b93115aa06 100644
--- a/mysql-test/t/ssl_compress.test
+++ b/mysql-test/t/ssl_compress.test
@@ -11,7 +11,7 @@ connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 # Check compression turned on
@@ -21,7 +21,7 @@ SHOW STATUS LIKE 'Compression';
 -- source include/common-tests.inc
 # Check ssl turned on
---replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
 SHOW STATUS LIKE 'Ssl_cipher';
 # Check compression turned on
diff --git a/mysql-test/t/ssl_crl.test b/mysql-test/t/ssl_crl.test
index 773a6879702..5097b78a2a5 100644
--- a/mysql-test/t/ssl_crl.test
+++ b/mysql-test/t/ssl_crl.test
@@ -1,18 +1,12 @@
 -- source include/have_ssl.inc
 -- source include/have_openssl.inc
-let $crllen=`select length(trim(coalesce(@@ssl_crl, ''))) + length(trim(coalesce(@@ssl_crlpath, '')))`;
-if (!$crllen)
-{
- skip Needs OpenSSL;
-}
-
 --echo # test --crl for the client : should connect
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
 --exec $MYSQL --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';"
 --echo # test --crlpath for the client : should connect
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
 --exec $MYSQL --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';"
 --echo # try logging in with a certificate in the server's --ssl-crl : should fail
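Review bot: Removing the `$crllen` guard changes when ssl_crl.test runs at all, and neither the commit message (which describes a re-recording for EC ciphers) nor the hunk says why the skip is no longer needed. The guard skipped the test unless the server had `@@ssl_crl` or `@@ssl_crlpath` set; without it, the later step "try logging in with a certificate in the server's --ssl-crl : should fail" would presumably fail instead of skipping on a server started without a CRL, unless an options file outside this diff guarantees those settings. Either keep the guard, or add a one-line comment after the `have_openssl.inc` source stating where the server's CRL configuration is guaranteed to come from, so the next reader does not re-add the check.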
@@ -29,10 +23,10 @@ if (!$crllen)
 --echo # try to connect with '--ssl-crl' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$mysql_test_dir_path/std_data/crl-client-revoked.crl -e "SHOW STATUS LIKE 'Ssl_cipher'"
 --echo # try to connect with '--ssl-crlpath' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$mysql_test_dir_path/std_data/crldir test -e "SHOW STATUS LIKE 'Ssl_cipher'"
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
index 4de7241234c..a37d41c9db6 100644
--- a/vio/viosslfactories.cc
+++ b/vio/viosslfactories.cc
@@ -690,6 +690,45 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 }
 DH_free(dh);
+#ifndef HAVE_YASSL
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+ const auto ecdh= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (!ecdh)
+ {
+ *error= SSL_INITERR_DHFAIL;
+ DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
+ report_errors();
+ SSL_CTX_free(ssl_fd->ssl_context);
+ my_free(ssl_fd);
+ DBUG_RETURN(nullptr);
+ }
+
+ if (SSL_CTX_set_tmp_ecdh(ssl_fd->ssl_context, ecdh) != 1)
+ {
+ *error= SSL_INITERR_DHFAIL;
+ DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
+ report_errors();
+ EC_KEY_free(ecdh);
+ SSL_CTX_free(ssl_fd->ssl_context);
+ my_free(ssl_fd);
+ DBUG_RETURN(nullptr);
+ }
+ EC_KEY_free(ecdh);
+
+#else /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+
+ if (SSL_CTX_set_ecdh_auto(ssl_fd->ssl_context, 1) != 1)
+ {
+ *error= SSL_INITERR_DHFAIL;
+ DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
+ report_errors();
+ SSL_CTX_free(ssl_fd->ssl_context);
+ my_free(ssl_fd);
+ DBUG_RETURN(nullptr);
+ }
+#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+#endif /* !HAVE_YASSL */
+
 DBUG_PRINT("exit", ("OK 1"));
 DBUG_RETURN(ssl_fd);
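Review bot: The new block is gated only on `#ifndef HAVE_YASSL` plus the OpenSSL version, which does not implement the commit message's "conditionally if the SSL library supports EC": the pre-1.0.2 branch calls `EC_KEY_new_by_curve_name` and `SSL_CTX_set_tmp_ecdh`, which are not available when OpenSSL is built with `OPENSSL_NO_EC`, so such a build stops compiling; changing the outer guard to `#if !defined(HAVE_YASSL) && !defined(OPENSSL_NO_EC)` (and its closing `#endif` comment to match) makes the gate say what the message says. Reusing `SSL_INITERR_DHFAIL` on all three ECDH failure paths also means the reported error text presumably describes a DH parameter failure, which will mislead whoever reads the log when the curve setup is what failed; a dedicated code (a new entry next to `SSL_INITERR_DHFAIL`, e.g. one named `SSL_INITERR_ECDHFAIL`, with its own string) keeps the diagnostic accurate. The five-line cleanup sequence (`report_errors`, `SSL_CTX_free`, `my_free`, `DBUG_RETURN`) is now copied three more times on top of the DH path just above; a single failure label or a small static helper would remove that duplication. new_VioSSLFd starts before this hunk.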