tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

mysql SSL regression with OpenSSL 1.0.1p


With recent OpenSSL upgrade, DH parameters below 1024 bits are now
refused. MySQL hardcodes 512 bits DH parameters and will therefore fail
to run SSL connexions with OpenSSL 1.0.1p

A possible workaround is to add ssl_cipher=AES256-SHA (or anything else
without DH) in [client] section of /usr/pkg/etc/my.cnf but that disables
DH ciphers.

Without disabling DH, a fix in required. It has been done upstream:

I backported this for mysql 5.6.x and committed the patches in:

Anyone feel free to backport to earlier versions of MySQL

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index