tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
mysql SSL regression with OpenSSL 1.0.1p
Hello
With recent OpenSSL upgrade, DH parameters below 1024 bits are now
refused. MySQL hardcodes 512 bits DH parameters and will therefore fail
to run SSL connexions with OpenSSL 1.0.1p
A possible workaround is to add ssl_cipher=AES256-SHA (or anything else
without DH) in [client] section of /usr/pkg/etc/my.cnf but that disables
DH ciphers.
Without disabling DH, a fix in required. It has been done upstream:
https://github.com/mysql/mysql-server/commit/866b988a76e8e7e217017a7883a
52a12ec5024b9
I backported this for mysql 5.6.x and committed the patches in:
pkgsrc/databases/mysql56-client/patches/patch-include_violite.h
pkgsrc/databases/mysql56-client/patches/patch-vio_viosslfactories.c
Anyone feel free to backport to earlier versions of MySQL
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index