Bug 553772 - dev-db/mysql: DH parameters size / LogJam
Summary: dev-db/mysql: DH parameters size / LogJam
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo Linux MySQL bugs team
URL: https://bugs.mysql.com/bug.php?id=77275
Reported: 2015-07-02 09:14 UTC by Marc Riemer
Modified: 2015-07-30 13:24 UTC
Description Marc Riemer 2015-07-02 09:14:00 UTC
A MySQL SSL-encrypted connection can't be established when using < mysql-5.7.6 as server and >=openssl-1.0.1n on the client side with Diffie-Hellman related ciphers.

The reason for this is the minimum DH parameter size of 768 bits, which has been implemented in openssl-1.0.1n. <mysql-5.7.6 uses a hard-coded 512-bit DH parameter (vio/viosslfactories.c), which will not be accepted by the client.

Error:

SSL connection error: error:00000001:lib(0):func(0):reason(1)

Related links:

http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-6.html
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes

Workaround: 

# /etc/mysql/my.cnf 
[mysql]
ssl-cipher = DEFAULT:!DH

[mysqld]
ssl-cipher = DEFAULT:!DH
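
Added example (not part of the original report and not MySQL or OpenSSL code): a small Python check that reads a PEM "DH PARAMETERS" block and compares the size of the prime p with the 768-bit client minimum named above. The function names are hypothetical, and sample_pem() builds constructed inputs of the right size that are not real primes.

```python
import base64

OPENSSL_MIN_DH_BITS = 768  # client-side minimum the report gives for openssl-1.0.1n

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_modulus_bits(pem):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' (PKCS#3) block."""
    rows = [r.strip() for r in pem.strip().splitlines()]
    if rows[0] != "-----BEGIN DH PARAMETERS-----" or rows[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS block")
    tag, seq, _ = read_tlv(base64.b64decode("".join(rows[1:-1])), 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p, _ = read_tlv(seq, 0)  # the first INTEGER in the SEQUENCE is p
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def client_accepts(pem, minimum=OPENSSL_MIN_DH_BITS):
    """True if a client enforcing `minimum` bits would accept these parameters."""
    return dh_modulus_bits(pem) >= minimum

def sample_pem(bits):
    """Constructed input: p = 2^(bits-1) + 1 (right size, NOT a real prime), g = 2."""
    def der(tag, val):
        n = len(val)
        octets = (n.bit_length() + 7) // 8
        ln = bytes([n]) if n < 128 else bytes([0x80 | octets]) + n.to_bytes(octets, "big")
        return bytes([tag]) + ln + val
    p = (1 << (bits - 1)) | 1
    seq = der(0x30, der(0x02, p.to_bytes(bits // 8 + 1, "big")) + der(0x02, b"\x02"))
    b64 = base64.b64encode(seq).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN DH PARAMETERS-----"] + rows + ["-----END DH PARAMETERS-----"]) + "\n"

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        pem = sample_pem(bits)
        print(bits, "accepted" if client_accepts(pem) else "rejected")
```
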
Comment 1 Brian Evans (RETIRED) gentoo-dev 2015-07-02 12:37:50 UTC
This should be fixed in the next version of 5.5 and 5.6 series, whenever they are released.
Comment 2 Brian Evans (RETIRED) gentoo-dev 2015-07-30 13:24:44 UTC
Fixed with versions 5.5.45 and 5.6.26