Package: mariadb-client Version: 10.1.37-0+deb9u1 Severity: important
-- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 2.0 (ascii) Release: 2.0 Codename: ascii Architecture: x86_64 Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages mariadb-client depends on: ii mariadb-client-10.1 10.1.37-0+deb9u1 mariadb-client recommends no packages. mariadb-client suggests no packages. -- no debconf information Mariadb-client is unable to negotiate to TLSv1.2. I have tested this with server versions: 10.1.37-MariaDB Gentoo Linux mariadb-10.1.37 10.1.34-MariaDB Gentoo Linux mariadb-10.1.34 . It should be noted that only the client version: Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2 is unable to connect to the servers listed previously when TLSv1.2 is enforced. However clients on other operating systems tested: Ver 15.1 Distrib 10.1.34-MariaDB, for Linux (x86_64) using readline 7.0 Ver 15.1 Distrib 10.1.37-MariaDB, for Linux (x86_64) using readline 7.0 are able to connect just fine. Upon further inspection, looking at packet traces with WireShark it appears that the Debian client is only attempting to negotiate a connection with TLSv1.1, which is blacklisted while the Gentoo clients are able to negotiate at TLSv1.2. The Debian client fails and prints "ERROR 2026 (HY000): SSL connection error: unknown error number" to stdout.