[debian-mysql] Bug#921151: Bug#921151: unable to connect using TLSv1.2.

Otto Kekäläinen otto at debian.org
Mon Feb 25 13:52:25 GMT 2019 

Hello!

Can you please test again using latest MariaDB release 10.3.13-1
(which now switched to YaSSL and GnuTLS)?

If you can track down the exact issue I would be very grateful for
merge requests on Salsa:
https://wiki.debian.org/Teams/MySQL/patches


la 2. helmik. 2019 klo 12.48 Thomas Groman (tgrom.automail at nuegia.net)
kirjoitti:
>
> Package: mariadb-client
> Version: 10.1.37-0+deb9u1
> Severity: important
>
>
>
> -- System Information:
> Distributor ID: Devuan
> Description:    Devuan GNU/Linux 2.0 (ascii)
> Release:        2.0
> Codename:       ascii
>
> Architecture: x86_64
>
> Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
> Versions of packages mariadb-client depends on:
> ii  mariadb-client-10.1  10.1.37-0+deb9u1
>
> mariadb-client recommends no packages.
>
> mariadb-client suggests no packages.
>
> -- no debconf information
>
> Mariadb-client is unable to negotiate to TLSv1.2. I have tested this
> with server versions: 10.1.37-MariaDB Gentoo Linux mariadb-10.1.37
> 10.1.34-MariaDB Gentoo Linux mariadb-10.1.34
> . It should be noted that only the client version:
> Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using
> readline 5.2 is unable to connect to the servers listed previously when
> TLSv1.2 is enforced. However clients on other operating systems tested:
> Ver 15.1 Distrib 10.1.34-MariaDB, for Linux (x86_64) using readline 7.0
> Ver 15.1 Distrib 10.1.37-MariaDB, for Linux (x86_64) using readline 7.0
> are able to connect just fine. Upon further inspection, looking at
> packet traces with WireShark it appears that the Debian client is only
> attempting to negotiate a connection with TLSv1.1, which is blacklisted
> while the Gentoo clients are able to negotiate at TLSv1.2. The Debian
> client fails and prints "ERROR 2026 (HY000): SSL connection error:
> unknown error number" to stdout.
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-mysql-maint



-- 
Otto Kekäläinen
https://keybase.io/ottok

More information about the pkg-mysql-maint mailing list