Am 17.03.2015 um 13:21 schrieb Bhushan Rane:
I have compiled MySQL with openssl, I am able to connect to MySQL over SSL with TLS1.0 ciphers. But when I tried to connect with TLS1.2 ciphers connection fails with error
MySQL / MariaDB don't support anything better than DHE-RSA-AES128-SHA (AES256 is supported but not more secure than AES128)
* no ECHDE * no AES-GCM * no SHA256 no idea how they manage that because openssl has support ___________________________________ ssl-cipher=DHE-RSA-AES256-SHA256 ssl-cipher=AES256-SHA256 are not supported and don't make much sense anyways ___________________________________the currently best ciphersuite would be the following because AES-GCM is hardware optimized on recent machines (Intel AES) and GCM is *always* better than a stupid CBC cipher
ECDHE-RSA-AES128-GCM-SHA256
signature.asc
Description: OpenPGP digital signature