MariaDB 10.4.13 and ECDHE cipher suites
Hello,
Does MariaDB actually implement ECDHE cipher suites or not?
After several tests with clients that support ECDHE ciphers and offer them in the "client hello", the cipher chosen in the "server hello" is never ECDHE.
:(none)> SHOW GLOBAL VARIABLES LIKE 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+
1 row in set (0.001 sec)

:(none)> SHOW GLOBAL VARIABLES LIKE 'version_ssl_library';
+---------------------+----------------------------------+
| Variable_name       | Value                            |
+---------------------+----------------------------------+
| version_ssl_library | OpenSSL 1.0.2k-fips  26 Jan 2017 |
+---------------------+----------------------------------+
1 row in set (0.001 sec)

~]# ldd /opt/mysql/na/10.4.13/sbin/mysqld | grep libcrypto
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f5024bfc000)
In my.cnf:
...
ssl_cipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!aECDH:!RC4
...
So, could you please confirm whether it is possible to negotiate ECDHE ciphers with a MariaDB Server?
Did I miss something?
Thanks a lot.
Michel
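
Added example (not part of the original post and not MariaDB code): a Python check that expands each entry of the ssl_cipher value above with the standard ssl module and reports, per suite, the key exchange and the kind of server certificate it authenticates with. It assumes the local Python is linked against OpenSSL 1.1.1 or later, so the result is that library's reading of the string, not that of the server's OpenSSL 1.0.2k-fips; the function names are hypothetical.

```python
import ssl

# ssl_cipher value from the post, copied verbatim.
SSL_CIPHER = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:"
    "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA!aNULL:!eNULL:!EXPORT:"
    "!DES:!MD5:!PSK:!aECDH:!RC4"
)


def expand_token(token):
    """Suites (TLS 1.2 and below) one token selects locally; None if rejected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(token)
    except ssl.SSLError:
        return None  # unknown to, or disabled in, the local OpenSSL build
    # TLS 1.3 suites are always listed and are not governed by this string.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Map each selecting token to [(suite, key exchange, authentication)]."""
    report = {}
    for token in cipher_string.split(":"):
        if not token or token[0] in "!-+@":
            continue  # exclusion and ordering rules select nothing themselves
        suites = expand_token(token)
        report[token] = None if suites is None else [
            (c["name"], c["kea"], c["auth"]) for c in suites
        ]
    return report


def cert_types(report):
    """Authentication methods the configured suites rely on, e.g. auth-rsa."""
    return sorted({auth for suites in report.values() if suites
                   for _, _, auth in suites})


if __name__ == "__main__":
    result = audit(SSL_CIPHER)
    for token, suites in result.items():
        print(token, "->", suites if suites is not None else "rejected locally")
    print("certificate types relied on:", cert_types(result))
```

Suites reported as auth-ecdsa can only be selected when the server presents an ECDSA certificate, and auth-rsa suites need an RSA one, so compare the output with the key type in the server's ssl_cert file.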
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.