Re: C5 recent openssl update breaks mysql SSL connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



In article <013173C7-6AEC-4C2D-9EB7-84C873C89028@xxxxxxxxxxxxxx>,
Leon Fauster <leonfauster@xxxxxxxxxxxxxx> wrote:
> Am 18.08.2015 um 11:27 schrieb lhecking@xxxxxxxxxxxxxxxxxxxxx:
> > 
> >> Maybe so, but still a side issue. Openssl 0.9.8e was recently updated.
> >> Some change in this update has broken something. I would like to understand
> >> what, and so ought the package maintainers. C5 isn't EOL until March 2017.
> > 
> > rpm -q --changelog openssl-0.9.8e. You weren't clear which version you
> > upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1
> > (from March 2014, nevertheless), which works.
> > 
> > I would hazard a guess that this is the change causing your problem.
> > 
> > * Fri Jun 26 2015 Tomas Mraz <tmraz@xxxxxxxxxx> 0.9.8e-36
> > - also change the default DH parameters in s_server to 1024 bits
> > 
> > Here's some more info,
> > 
> > https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> > 
> > RH must have backported this fix to 0.9.8e.
> > 
> > There seem to be many reports out there that the openssl update broke mysql,
> > but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1,
> > so you're most likely on your own. I'm quite ignorant of mysql, but it looks
> > like you may be able to get this to work again by changing the cipher in mysql
> > and regenerating your cert.
> > 
> > https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4
> > 
> 
> 
> http://lists.centos.org/pipermail/centos/2015-July/153753.html

Cool - that looks like the answer. Just tried it successfully.

Many thanks!

Tony
-- 
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux