[debian-mysql] Bug#851132: Bug#851132: /usr/sbin/mysqld: ssl_ciphers not working; mariadb built without TLS support?
Otto Kekäläinen
otto at debian.org
Wed Jan 25 10:21:09 UTC 2017
2017-01-25 12:10 GMT+02:00 Matthew Sackman <matthew at wellquite.org>:
> On Wed, Jan 25, 2017 at 09:44:00AM +0200, Otto Kekäläinen wrote:
>> Ok, this is now figured out.
>>
>> To activate YaSSL you must have 'ssl=on' in the config and no
>> ssl_cipher defined.
>
> Erm, ok, but this is somewhat terrifying - I can't disable insecure and
> broken ciphers? I basically would consider anything < TLSv1.2
> insecure and I would expect to be able to restrict even the ciphers
> within TLSv1.2. This is in keeping with standard practise for apache,
> dovecot, postfix etc etc.
I am sorry but we have basically been forbidden from using OpenSSL in
Debian due to license reasons:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761911
If you can get somebody to change their opinion, then we could use
OpenSSL. But still it is sad OpenSSL has such an license. In the long
term migrating to something else would be good.
More information about the pkg-mysql-maint
mailing list