Bug#875457: [debian-mysql] Bug#875457: mariadb-server-10.1: Only supports certificates signed with SHA1 which is insecure

2017-09-11 Thread Kristian Kocher
On 11/09/17 15:37, Ondřej Surý wrote:
> Hi Kristian,
>
> could you please be more specific? What did you try, what works and
> what doesn't. Any error messages you get, and the exact configuration
> would also be helpful. 
>
> Ondřej 
>
> On Mon 11 Sep 2017, 16:21 Kristian Kocher <kristian.koc...@it.ox.ac.uk
> <mailto:kristian.koc...@it.ox.ac.uk>> wrote:
>
> Package: mariadb-server-10.1
> Version: 10.1.26-0+deb9u1
> Severity: important
>
> Dear Maintainer,
>
> At the moment it is only possible to have encrypted communications
> using certificates signed with SHA1 but this is considered insecure.
>
> Kind regards,
>
> Kristian
>
> -- 
> Ondřej Surý <ond...@sury.org <mailto:ond...@sury.org>>
Hi Ondřej,

Thank you for looking into this.
I have tried using a certificate from a real CA that signs certificates
with SHA256, but clients could not connect using SSL (the error message
was: ERROR 2026 (HY000): SSL connection error: protocol version mismatch).
Without changing the config, but just using a self-signed certificate
signed using SHA1, everything works fine.

It looks like it might be that the version of YaSSL used in the package
does not support SHA256.

Kind regards,

Kristian





Bug#875457: mariadb-server-10.1: Only supports certificates signed with SHA1 which is insecure

2017-09-11 Thread Kristian Kocher
Package: mariadb-server-10.1
Version: 10.1.26-0+deb9u1
Severity: important

Dear Maintainer,

At the moment it is only possible to have encrypted communications using 
certificates signed with SHA1 but this is considered insecure.

Kind regards,

Kristian