[openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine
Working as intended on the OpenSSL side. Marking resolved.

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine
On Mon, 2015-06-15 at 14:22 +, Arkadiusz Miskiewicz via RT wrote:
> Hello.
>
> I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from mysql client to my mysql server. Downgrading to 1.0.2a and the problem is gone.

That's because mysql server hardcodes 512 bits DH parameters. That's insecure and connect is prevented by the LOGJAM fix.

You can configure the server to not use DH ciphersuites as a workaround, or patch the mysql server to use at least 1024 bits DH parameters.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
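The kind of check described in the reply above, as an added example (not OpenSSL's code and not part of the original messages): parse the DH parameters from a DHE ServerKeyExchange handshake message and refuse a modulus below a size floor. The 1024-bit default follows the reply; the function names and the sample messages are constructed for illustration.

```python
import struct

MIN_DH_BITS = 1024  # floor suggested in the reply above; adjust to local policy

def _read_vec16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector; return (bytes, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def dh_params_from_ske(msg):
    """Parse a DHE ServerKeyExchange handshake message (type 12).
    Returns (p, g, Ys) as ints; the trailing signature is ignored."""
    if len(msg) < 4 or msg[0] != 12:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec16(body, 0)
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    return tuple(int.from_bytes(x, "big") for x in (p, g, ys))

def check_dh(msg, min_bits=MIN_DH_BITS):
    """Return (accepted, modulus_bits) for the server's DH parameters."""
    p, g, ys = dh_params_from_ske(msg)
    bits = p.bit_length()  # leading zero bytes in dh_p do not count
    sane = 1 < g < p - 1 and 1 < ys < p - 1  # reject degenerate values
    return (bits >= min_bits and sane), bits

def _build_ske(p, g, ys):
    """Constructed sample message: DH params plus a dummy 2-byte 'signature'."""
    def vec(i):
        b = i.to_bytes((i.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(b)) + b
    body = vec(p) + vec(g) + vec(ys) + b"\x00\x02\xaa\xbb"
    return b"\x0c" + len(body).to_bytes(3, "big") + body

# Constructed moduli (not real primes; only their sizes matter here).
WEAK = _build_ske((1 << 511) | 0x1234567, 2, 0xDEADBEEF)
OK = _build_ske((1 << 1023) | 0x1234567, 2, 0xDEADBEEF)

if __name__ == "__main__":
    print(check_dh(WEAK), check_dh(OK))
```
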
Re: [openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine
Hello Arkadiusz,

On 6/15/2015 8:22 AM, Arkadiusz Miskiewicz via RT wrote:
> I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from mysql client to my mysql server. Downgrading to 1.0.2a and the problem is gone.
>
> 1.0.2c:
> $ mysql -u user -p -h host
> Enter password:
> ERROR 2026 (HY000): SSL connection error: error:0001:lib(0):func(0):reason(1)

You seem to be running into the following:

http://bugs.mysql.com/bug.php?id=77275

It's fixed in MySQL Server 5.7 (RC), and will be fixed in 5.6 (GA) shortly. You appear to be using Percona builds, so they may apply the patch from 5.7 on a different schedule - best to inquire directly with them.

Best regards,

--
Todd Farmer
Director, Technical Product Management, MySQL
MySQL @ Oracle
[openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine
Hello.

I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from mysql client to my mysql server. Downgrading to 1.0.2a and the problem is gone.

1.0.2c:
$ mysql -u user -p -h host
Enter password:
ERROR 2026 (HY000): SSL connection error: error:0001:lib(0):func(0):reason(1)

1.0.2a:
$ mysql -u user -p -h host
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 233
Server version: 5.6.20-68.0-log PLD/Linux Distribution MySQL RPM

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

13:00:05 mysql{1} \s
--
mysql Ver 14.14 Distrib 5.6.24-72.2, for Linux (x86_64) using 6.3

Connection id: 233
Current database:
Current user: u...@some.ip.address
SSL:Cipher in use is DHE-RSA-AES256-SHA
[...]

Server side is using 1.0.2a.

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod