Tony Mountifield
2015-Aug-18 08:27 UTC
[CentOS] C5 recent openssl update breaks mysql SSL connection
In article <55D20981.7030902 at centos.org>,
Johnny Hughes <johnny at centos.org> wrote:
> On 08/17/2015 10:57 AM, Tony Mountifield wrote:
> > I recently applied updates to a CentOS 5 box running MySQL. I've discovered
> > that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL
> > connections.
> >
> > If I rename /lib/libssl.so.0.9.8e and replace it with the old version of
> > that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next
> > oldest, but it was handy), then SSL connection to MySQL works again.
> >
> > I then performed cross-checks using the server with new libssl and the
> > client with old, and then vice versa. What I found was that it didn't
> > matter whether the server was started with the old libssl or the new libssl.
> > In both cases, the mysql client would only connect using the old libssl,
> > and not when using the new libssl.
> >
> > When it works with the old libssl, I can confirm that SSL is in use:
> >
> > mysql> \s
> > --------------
> > mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
> >
> > Connection id: 2
> > Current database:
> > Current user: root at localhost
> > SSL: Cipher in use is DHE-RSA-AES256-SHA
> >
> > The error with the new libssl looks like this:
> >
> > [root at hostname ~]# mysql
> > ERROR 2026 (HY000): SSL connection error
> >
> > Has anyone else come across this? Is it a bug in SSL? Or a new restriction?
> > Do I need to regenerate my certificates using the new openssl?
> >
> > Cheers
> > Tony
> >
>
> You should now be using mysql55 on CentOS-5, not mysql-5.0

That may well be the case, but isn't relevant to the point I'm making,
which is that something changed in openssl-0.9.8e-36 that has broken something.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org

John R Pierce
2015-Aug-18 08:30 UTC
[CentOS] C5 recent openssl update breaks mysql SSL connection
On 8/18/2015 1:27 AM, Tony Mountifield wrote:
>> You should now be using mysql55 on CentOS-5, not mysql-5.0
> That may well be the case, but isn't relevant to the point I'm making,
> which is that something changed in openssl-0.9.8e-36 that has broken something.

mysql 5.0 and openssl 0.9.8 are both ancient and way past their
expiration date.

--
john r pierce, recycling bits in santa cruz

Tony Mountifield
2015-Aug-18 08:55 UTC
[CentOS] C5 recent openssl update breaks mysql SSL connection
In article <55D2ED32.6040000 at hogranch.com>,
John R Pierce <pierce at hogranch.com> wrote:
> On 8/18/2015 1:27 AM, Tony Mountifield wrote:
> >> You should now be using mysql55 on CentOS-5, not mysql-5.0
> > That may well be the case, but isn't relevant to the point I'm making,
> > which is that something changed in openssl-0.9.8e-36 that has broken something.
>
> mysql 5.0 and openssl 0.9.8 are both ancient and way past their
> expiration date.

Maybe so, but still a side issue. Openssl 0.9.8e was recently updated.
Some change in this update has broken something. I would like to understand
what, and so ought the package maintainers. C5 isn't EOL until March 2017.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org