Acknowledgement sent to Thomas Groman <firstname.lastname@example.org>:
New bug report received and forwarded. Copy sent to email@example.com.
Your message specified a Severity: in the pseudo-header, but
the severity value important was not recognised.
The default severity normal is being used instead.
The recognised values are: critical, grave, normal, minor, wishlist.
To: Devuan Bug Tracking System <firstname.lastname@example.org>
Subject: unable to connect using TLSv1.2.
Date: Sat, 15 Dec 2018 19:53:44 -0800
-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 2.0 (ascii)
Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages mariadb-client depends on:
ii mariadb-client-10.1 10.1.37-0+deb9u1
mariadb-client recommends no packages.
mariadb-client suggests no packages.
-- no debconf information
Mariadb-client is unable to negotiate to TLSv1.2. I have tested this
with server versions: 10.1.37-MariaDB Gentoo Linux mariadb-10.1.37
10.1.34-MariaDB Gentoo Linux mariadb-10.1.34
. It should be noted that only the client version:
Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using
readline 5.2 is unable to connect to the servers listed previously when
TLSv1.2 is enforced. However clients on other operating systems tested:
Ver 15.1 Distrib 10.1.34-MariaDB, for Linux (x86_64) using readline 7.0
Ver 15.1 Distrib 10.1.37-MariaDB, for Linux (x86_64) using readline 7.0
are able to connect just fine. Upon further inspection, looking at
packet traces with WireShark it appears that the Debian client is only
attempting to negotiate a connection with TLSv1.1, which is blacklisted
while the Gentoo clients are able to negotiate at TLSv1.2. The Debian
client fails and prints "ERROR 2026 (HY000): SSL connection error:
unknown error number" to stdout.