In article <55D20981.7030902@xxxxxxxxxx>,
Johnny Hughes <johnny@xxxxxxxxxx> wrote:
> On 08/17/2015 10:57 AM, Tony Mountifield wrote:
> > I recently applied updates to a CentOS 5 box running MySQL. I've discovered
> > that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL
> > connections.
> >
> > If I rename /lib/libssl.so.0.9.8e and replace it with the old version of
> > that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next
> > oldest, but it was handy), then SSL connection to MySQL works again.
> >
> > I then performed cross-checks using the server with new libssl and the
> > client with old, and then vice versa. What I found was that it didn't
> > matter whether the server was started with the old libssl or the new libssl.
> > In both cases, the mysql client would only connect using the old libssl,
> > and not when using the new libssl.
> >
> > When it works with the old libssl, I can confirm that SSL is in use:
> >
> > mysql> \s
> > --------------
> > mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
> >
> > Connection id: 2
> > Current database:
> > Current user: root@localhost
> > SSL: Cipher in use is DHE-RSA-AES256-SHA
> >
> > The error with the new libssl looks like this:
> >
> > [root@hostname ~]# mysql
> > ERROR 2026 (HY000): SSL connection error
> >
> > Has anyone else come across this? Is it a bug in SSL? Or a new restriction?
> > Do I need to regenerate my certificates using the new openssl?
> >
> > Cheers
> > Tony
> >
>
> You should now be using mysql55 on CentOS-5, not mysql-5.0
That may well be the case, but isn't relevant to the point I'm making,
which is that something changed in openssl-0.9.8e-36 that has broken something.
Cheers
Tony
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
