[openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine

2015-09-01 Thread Emilia Käsper via RT
Working as intended on the OpenSSL side. Marking resolved.

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine

2015-06-15 Thread Tomas Mraz via RT
On Po, 2015-06-15 at 14:22 +, Arkadiusz Miskiewicz via RT wrote:
> Hello.
>
> I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from
> mysql client to my mysql server. Downgrading to 1.0.2a and the problem is
> gone.

That's because mysql server hardcodes 512 bits DH parameters. That's
insecure and connect is prevented by the LOGJAM fix. You can configure
the server to not use DH ciphersuites as a workaround, or patch the
mysql server to use at least 1024 bits DH parameters.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
(You'll never know whether the road is wrong though.)
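
The client-side check described in the message above, sketched as an added example (not OpenSSL's code and not part of the thread): it reads the prime from a TLS ServerDHParams structure (the RFC 5246 layout) and refuses it when it is shorter than a minimum. The function names, the sample bytes and the use of 1024 bits as the floor (taken from the recommendation above) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one TLS opaque<1..2^16-1> vector (2-byte big-endian length + data). */
static int read_vec16(const uint8_t *buf, size_t len, size_t *off,
                      const uint8_t **out, size_t *out_len)
{
    if (len - *off < 2) return -1;
    size_t n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (n == 0 || n > len - *off) return -1;   /* empty or truncated */
    *out = buf + *off; *out_len = n; *off += n;
    return 0;
}

/* Hypothetical helper: returns the bit length of dh_p when it is at least
   min_bits, -1 if the structure is malformed, -2 if p is too short. */
int check_server_dh_params(const uint8_t *buf, size_t len, int min_bits)
{
    const uint8_t *v[3];                       /* dh_p, dh_g, dh_Ys */
    size_t vl[3], off = 0;
    for (int i = 0; i < 3; i++)
        if (read_vec16(buf, len, &off, &v[i], &vl[i])) return -1;
    const uint8_t *p = v[0]; size_t n = vl[0];
    while (n > 0 && *p == 0) { p++; n--; }     /* skip leading zero bytes */
    if (n == 0) return -2;
    int bits = (int)(n * 8);
    for (uint8_t top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits < min_bits ? -2 : bits;
}

/* Constructed sample (p is not a real prime): p of p_bytes bytes, g = 2. */
size_t build_sample(uint8_t *out, size_t p_bytes)
{
    size_t o = 0;
    out[o++] = (uint8_t)(p_bytes >> 8); out[o++] = (uint8_t)p_bytes;
    memset(out + o, 0xAB, p_bytes); out[o] = 0xFF; o += p_bytes;
    memcpy(out + o, "\0\1\2\0\1\5", 6);        /* dh_g = 2, dh_Ys = 5 (dummy) */
    return o + 6;
}

int main(void)
{
    uint8_t msg[512];
    printf("512-bit p:  %d\n", check_server_dh_params(msg, build_sample(msg, 64), 1024));
    printf("1024-bit p: %d\n", check_server_dh_params(msg, build_sample(msg, 128), 1024));
    return 0;
}
```

A return of -2 is the case in the report: the server's parameters parse correctly but the prime is too short, so the handshake is refused.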





Re: [openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine

2015-06-15 Thread Todd Farmer
Hello Arkadiusz,

On 6/15/2015 8:22 AM, Arkadiusz Miskiewicz via RT wrote:
> I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from
> mysql client to my mysql server. Downgrading to 1.0.2a and the problem is
> gone.
>
> 1.0.2c:
>
> $ mysql -u user -p -h host
> Enter password:
> ERROR 2026 (HY000): SSL connection error:
> error:0001:lib(0):func(0):reason(1)

You seem to be running into the following:

http://bugs.mysql.com/bug.php?id=77275

It's fixed in MySQL Server 5.7 (RC), and will be fixed in 5.6 (GA)
shortly.  You appear to be using Percona builds, so they may apply the
patch from 5.7 on a different schedule - best to inquire directly with them.

Best regards,

-- 
Todd Farmer
Director, Technical Product Management, MySQL
MySQL @ Oracle



[openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine

2015-06-15 Thread Arkadiusz Miskiewicz via RT

Hello.

I've just upgraded from 1.0.2a to 1.0.2c and now I no longer can connect from
mysql client to my mysql server. Downgrading to 1.0.2a and the problem is gone.

1.0.2c:

$ mysql -u user -p -h host
Enter password:
ERROR 2026 (HY000): SSL connection error: 
error:0001:lib(0):func(0):reason(1)

1.0.2a:

$ mysql -u user -p -h host
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 233
Server version: 5.6.20-68.0-log PLD/Linux Distribution MySQL RPM

Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

13:00:05 mysql{1} \s
--
mysql  Ver 14.14 Distrib 5.6.24-72.2, for Linux (x86_64) using  6.3

Connection id:  233
Current database:
Current user:   u...@some.ip.address
SSL:            Cipher in use is DHE-RSA-AES256-SHA
[...]


Server side is using 1.0.2a.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod