Just a small update, MDEV-13492 updated with the mentioned details. Kenneth
On Sat, Oct 26, 2019 at 2:45 PM Kenneth Penza <[email protected]> wrote: > Hi Vladislav, > > Thanks for the feedback. I will update MDEV-13492 ( > https://jira.mariadb.org/browse/MDEV-13492) with the setup details, > certificate generation and network traces. > > Kenneth > > > > On Fri, Oct 25, 2019 at 7:00 PM Vladislav Vaintroub <[email protected]> > wrote: > >> Hi Kenneth, >> >> >> >> There have been some reports about this symptoms, but nothing that we >> would be able to reproduce on any of our machines. >> >> So far I think the SSL handshake error that was seen was either >> intermittent “Unknown SSL error (0x80090308)”, say one in couple of hundred >> attempts. for which a workaround is planned ( >> *https://jira.mariadb.org/browse/CONC-417* >> <https://jira.mariadb.org/browse/CONC-417> and several others) . The >> occasional handshake error seems to be schannels own bug, which we could >> reproduce on some machines, and IIRC could workaround by disabling some >> ciphers by fiddling in Schannel’s registry. >> >> >> >> The second one that I heard of, was a complaint by a user, that his >> self-issued certificate works, and company-issued certificate does not, >> failing always with Unknown SSL error (0x80090308) . Unfortunately that >> user did not provide any detail on what he was seeing apart from this >> cryptic description. >> >> >> >> The most reasonable thing you could do to help us to help you, is to use >> that existing bug in JIRA to provide as much information as possible about >> your case, I.e whether or notm the bug is sporadic, whether you’re trying >> to force a specific cipher, details of certificate you’re using on server >> side, and a network trace that you can collect e.g with wireshark, or >> tcpdump on either server or on client side. >> >> >> >> Now why the MySQL client does not fail, it is using the same SSL >> implementation (openssl) on the both client and server side. >> >> >> >> *From: *Kenneth Penza <[email protected]> >> *Sent: *Friday, 25 October 2019 11:07 >> *To: *Mailing-List mariadb <[email protected]> >> *Subject: *[Maria-discuss] SSL issue with Windows MariaDB client >> >> >> >> Good morning, >> >> >> >> Whilst testing SSL of a MariaDB server version 10.4.8 running Linux from >> a Windows 10 machine I noted that connection using MySQL client >> (mysql-8.0.18-winx64) connects successfully, however connections with >> MariaDB client (mariadb-10.4.8-winx64) fails. >> >> >> >> In case of MariaDB I have downloaded the file ( >> https://downloads.mariadb.org/interstitial/mariadb-10.4.8/winx64-packages/mariadb-10.4.8-winx64.zip/from/https%3A//mirror.serverion.com/mariadb >> <https://downloads.mariadb.org/interstitial/mariadb-10.4.8/winx64-packages/mariadb-10.4.8-winx64.zip/from/https%3A/mirror.serverion.com/mariadb>), >> whilst for MySQL client I used ( >> https://dev.mysql.com/downloads/file/?id=490026). >> >> >> >> >> >> C:\temp\mariadb-10.4.8-winx64>mysql --user=penzk001 --password >> --host=<hostname> --port=3306 --tls-version=TLSv1.2 >> --ssl-ca=c:\temp\CACert.pem >> >> Enter password: ******** >> ERROR 2026 (HY000): Unknown SSL error (0x80090308) >> >> C:\temp\mariadb-10.4.8-winx64\bin> cd ..\mysql-8.0.18-winx64\bin >> >> C:\temp\mysql-8.0.18-winx64\bin> mysql --user=penzk001 --password >> --host=<hostname> --port=3306 --tls-version=TLSv1.2 >> --ssl-ca=c:\temp\CACert.pem >> >> Welcome to the MySQL monitor. Commands end with ; or \g. >> >> ... >> >> mysql>\s >> >> ... >> >> SSL: Cipher in use is DHE-RSA-AES128-GCM-SHA256 >> >> ... >> >> mysql> >> >> >> >> To ensure that the SSL certificate is valid I also tried >> "--ssl-mode=VERIFY_IDENTITY" with the mysql-8.0.18 client and it worked >> fine. >> >> >> >> Regards >> >> Kenneth >> >> >> >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
