Package: libdbd-mysql-perl Version: 4.050-5+b1 Followup-For: Bug #1032074 Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? Upgrading from Debian Buster to Debian Bookworm. I have custom perl scripts that run my Linux Kernel patch management system which make use of DBD::mysql to contact a MariaDB server in another VM. The MariaDB server is running Debian Buster. Capturing traffic on port 3306 and examining with wireshark reveals that when a Debian Buster system is used to connect to the Debian Buster MariaDB server, it uses TLS v1.3. However, Debian Bookworm's DBD::mysql uses TLS v1.1, as does /usr/bin/mysql. This means that if a recent non-buggy TLS version is required to connect to a Debian Buster mariadb, Debian Bookworm systems are incompatible due to the lower TLS version that they support. I have tried configuring a minimum TLS version in /etc/ssl/openssl.cnf to increase the security level via: [openssl_init] +ssl_conf = ssl_sect +[ssl_sect] +system_default = system_default_sect +[system_default_sect] +MinProtocol = TLSv1.2 +CipherString = DEFAULT@SECLEVEL=2 but this still results in DBD::mysql using TLS v1.1. This obviously causes a regression where the mariadb server is set to a modern minimum non-buggy security level, and thus has *security* implications given that TLS v1.1 is no longer regarded as secure. I suspect this is a problem with mariadb shipped with Debian Bookworm rather than being specific to the perl DBD driver. *** End of the template - remove these template lines *** -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: armhf (armv7l) Kernel: Linux 6.1.0+ (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libdbd-mysql-perl depends on: ii libc6 2.36-9 ii libdbi-perl [perl-dbdabi-94] 1.643-4 ii libmariadb3 1:10.11.3-1 ii perl 5.36.0-7 ii perl-base [perlapi-5.36.0] 5.36.0-7 libdbd-mysql-perl recommends no packages. libdbd-mysql-perl suggests no packages. -- no debconf information
