Re: C5 recent openssl update breaks mysql SSL connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 18.08.2015 um 11:27 schrieb lhecking@xxxxxxxxxxxxxxxxxxxxx:
> 
>> Maybe so, but still a side issue. Openssl 0.9.8e was recently updated.
>> Some change in this update has broken something. I would like to understand
>> what, and so ought the package maintainers. C5 isn't EOL until March 2017.
> 
> rpm -q --changelog openssl-0.9.8e. You weren't clear which version you
> upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1
> (from March 2014, nevertheless), which works.
> 
> I would hazard a guess that this is the change causing your problem.
> 
> * Fri Jun 26 2015 Tomas Mraz <tmraz@xxxxxxxxxx> 0.9.8e-36
> - also change the default DH parameters in s_server to 1024 bits
> 
> Here's some more info,
> 
> https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> 
> RH must have backported this fix to 0.9.8e.
> 
> There seem to be many reports out there that the openssl update broke mysql,
> but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1,
> so you're most likely on your own. I'm quite ignorant of mysql, but it looks
> like you may be able to get this to work again by changing the cipher in mysql
> and regenerating your cert.
> 
> https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4
> 


http://lists.centos.org/pipermail/centos/2015-July/153753.html

--
LF

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux