Hello
I work on fedora 13 with openssl 1.0.0.c and mysql server 5.1. I have a
strange situation. When I create certyificat on server and setup mysql
to use this certyficat, client mysql on this host connect with ssl
encription correctly. From other many Fedora 13 also correctly but from
Debian and windows xp Mysql return error 2026. If certificates are
generated on Debian with openssl 0.98 and here is mysql server with ssl,
Windows xp and other host communicate properly certified with mysql on
debian.
Where is problem. Below ssldump of server:
1 1 0.0035 (0.0035) C>S V3.1(89) Handshake
ClientHello
Version 3.1
random[32]=
91 6d 3f d5 f3 aa 9f 91 33 ec 85 93 4c 38 ad b6
33 f6 d2 ca a4 41 2c 84 1d 32 60 e3 52 f5 b2 35
cipher suites
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x7e
Unknown value 0x7d
Unknown value 0x7c
Unknown value 0x79
Unknown value 0x78
Unknown value 0x77
Unknown value 0x74
Unknown value 0x73
Unknown value 0x72
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
compression methods
NULL
1 2 0.0149 (0.0114) S>C V3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
4d 19 99 52 94 62 af e6 e9 53 0d be da 3f 90 ce
2d bd e5 2b 8e d0 1f b4 0e 42 5a 7e d1 81 58 d2
session_id[32]=
b6 1c b9 f0 0c 41 5a be a2 30 b2 a2 2b 46 53 a0
8e cf bf 67 1c e6 65 08 cb ae bf b8 8f c3 d2 1a
cipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
1 3 0.0150 (0.0001) S>C V3.1(1797) Handshake
Certificate
1 4 0.0150 (0.0000) S>C V3.1(397) Handshake
ServerKeyExchange
params
DH_p[64]=
da 58 3c 16 d9 85 22 89 d0 e4 af 75 6f 4c ca 92
dd 4b e5 33 b8 04 fb 0f ed 94 ef 9c 8a 44 03 ed
57 46 50 d3 69 99 db 29 d7 76 27 6b a2 d3 d4 12
e2 18 f4 dd 1e 08 4c f6 d8 00 3e 7c 47 74 e8 33
DH_g[1]=
02
DH_Ys[64]=
4a 75 85 11 31 eb af 04 2e 71 e1 bd 5a 61 78 8a
9c 17 d7 df 3b 95 95 da e2 b4 fa 55 76 b0 01 0f
b5 a3 36 3f f3 65 fb 47 8f 01 98 e3 52 88 12 95
f8 96 ee 7b 85 7f 6b 51 8a be 9c 5c 03 38 ba 24
signature[256]=
b1 77 06 2f 0d 2b 12 26 a4 a8 32 98 15 1e 41 1f
41 c7 9f 57 d9 39 2e 6b 44 3b 8b bd 5f 59 ab 30
e8 01 d6 67 f0 43 2f 90 d9 ca 62 b2 d4 60 fa 9f
f6 02 8f 8e 33 b2 81 dd 92 16 88 e3 20 34 3b 02
d9 ae a5 be f9 52 48 b1 27 88 b0 a6 09 67 39 ec
dc 9c c1 8a e4 13 94 ad d9 0b e5 c0 a9 ee 1f 5d
67 2a 98 b5 5d 34 f3 dc 8b f5 6b 2c a7 d7 ea 67
7f 2b 04 e5 5a 59 62 9d 82 49 8d e6 f4 d2 63 74
5a 4e 7d 3b ec 04 4a b5 cb b5 5a d4 9f 72 c5 a5
11 17 6e 75 a1 ec ce 90 3a 0c b6 87 9d 7c b2 57
7b b1 61 ba ba 69 13 bb 2d f7 82 45 6e 2b 38 d1
7a 9a 05 f8 90 ae 0c 10 a1 d8 12 88 d4 07 9e 23
c2 a1 a5 52 63 75 91 d9 e1 61 de 9f 4b a7 68 58
d6 e0 64 ee 62 c5 31 74 f8 19 a1 6c 3c 28 65 0d
1a a9 1c e6 7d c7 1a 43 df 8c 7f 76 a8 9f 2a 66
e5 9e 13 f9 53 fd 80 b8 44 3d 2c 29 a0 56 fe 91
1 5 0.0150 (0.0000) S>C V3.1(15) Handshake
CertificateRequest
certificate_types rsa_fixed_dh
certificate_types dss_fixed_dh
certificate_types rsa_sign
certificate_types dss_sign
ServerHelloDone
1 6 0.0188 (0.0037) C>S V3.1(70) Handshake
ClientKeyExchange
DiffieHellmanClientPublicValue[64]=
47 bd 6d 17 a7 24 e3 f2 de e3 b9 cc ac 0f 27 5a
f2 47 9b a8 bc a7 c9 06 f0 24 01 9f c7 78 4c 0a
38 08 b1 90 de 2e ae fb c4 91 7b ab 5c a0 e6 7f
fd 6c c5 4c 1a 36 5c 71 45 86 66 f4 c2 0e c8 4d
1 7 0.0188 (0.0000) C>S V3.1(1) ChangeCipherSpec
1 8 0.0188 (0.0000) C>S V3.1(48) Handshake
1 9 0.0189 (0.0001) S>C V3.1(2) Alert
level fatal
value unexpected_message
1 0.0192 (0.0002) S>C TCP FIN
1 0.0194 (0.0002) C>S TCP FIN
Regards
Artur Slowik
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
