[openssl-dev] [openssl.org #3911] 1.0.2c: some kind of regression - fails to connect to server where 1.0.2a works fine

Tomas Mraz via RT rt at openssl.org
Mon Jun 15 14:45:44 UTC 2015


On Mon, 2015-06-15 at 14:22 +0000, Arkadiusz Miskiewicz via RT wrote:
> Hello.
> 
> I've just upgraded from 1.0.2a to 1.0.2c and now I can no longer connect from
> the mysql client to my mysql server. After downgrading to 1.0.2a the problem is gone.
> 

That's because the mysql server hardcodes 512-bit DH parameters. That's
insecure, and the connection is prevented by the LOGJAM fix. You can configure
the server to not use DH ciphersuites as a workaround, or patch the
mysql server to use at least 1024-bit DH parameters.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)
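
One way to audit DH parameter size against the 1024-bit floor mentioned in the reply, as an added example that is not part of the original message and is not OpenSSL or MySQL code. It assumes the parameters are available as a PEM `DH PARAMETERS` block (PKCS#3); the function names are hypothetical and the sample inputs are constructed numbers of the right size, not real primes.

```python
import base64

MIN_DH_BITS = 1024  # floor named in the reply above

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_modulus_bits(pem):
    """Bit length of the prime p in SEQUENCE { INTEGER p, INTEGER g, ... }."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    der_bytes = base64.b64decode("".join(lines))
    tag, seq, _ = read_tlv(der_bytes, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p, _ = read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def is_acceptable(pem, min_bits=MIN_DH_BITS):
    return dh_modulus_bits(pem) >= min_bits

# --- constructed sample input: only the size of p matters for this check ---
def der(tag, value):
    n = len(value)
    if n < 0x80:
        hdr = bytes([n])
    else:
        octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
        hdr = bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + hdr + value

def make_sample_pem(bits):
    # Odd number with exactly `bits` bits; the leading 0x00 keeps the INTEGER positive.
    p_bytes = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = der(0x30, der(0x02, p_bytes) + der(0x02, b"\x02"))
    b64 = base64.encodebytes(body).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        pem = make_sample_pem(bits)
        print(bits, "ok" if is_acceptable(pem) else "REJECT: DH modulus too small")
```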




