Summary: | <dev-db/mysql-5.7.3: SSL/TLS downgrade | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | cyberbat83, mysql-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/04/29/4 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=612922 | ||
Whiteboard: | A3 [ebuild] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 625626 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-04-29 14:34:19 UTC
*** Bug 554480 has been marked as a duplicate of this bug. *** Maintainers please advise if this is fixed by Bug #625626 (In reply to Yury German from comment #2) > Maintainers please advise if this is fixed by Bug #625626 As of MySQL 5.6.30, the --ssl option remains for compatibility while being phased out in the future. --ssl-mode=REQUIRED will enforce SSL/TLS connections. This was further refined in 5.6.36 to include a library change to enforce these connections I think at this point, we can call it FIXED. Thanks to ajak for investigating this with me. |