Subject: bug#270: unable to connect using TLSv1.2. Date: Sat, 15 Dec 2018 19:53:44 -0800 From: Thomas Groman <firstname.lastname@example.org> To: Devuan Bug Tracking System <email@example.com> Package: mariadb-client Version: 10.1.37-0+deb9u1 Severity: important -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 2.0 (ascii) Release: 2.0 Codename: ascii Architecture: x86_64 Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages mariadb-client depends on: ii mariadb-client-10.1 10.1.37-0+deb9u1 mariadb-client recommends no packages. mariadb-client suggests no packages. -- no debconf information Mariadb-client is unable to negotiate to TLSv1.2. I have tested this with server versions: 10.1.37-MariaDB Gentoo Linux mariadb-10.1.37 10.1.34-MariaDB Gentoo Linux mariadb-10.1.34 . It should be noted that only the client version: Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2 is unable to connect to the servers listed previously when TLSv1.2 is enforced. However clients on other operating systems tested: Ver 15.1 Distrib 10.1.34-MariaDB, for Linux (x86_64) using readline 7.0 Ver 15.1 Distrib 10.1.37-MariaDB, for Linux (x86_64) using readline 7.0 are able to connect just fine. Upon further inspection, looking at packet traces with WireShark it appears that the Debian client is only attempting to negotiate a connection with TLSv1.1, which is blacklisted while the Gentoo clients are able to negotiate at TLSv1.2. The Debian client fails and prints "ERROR 2026 (HY000): SSL connection error: unknown error number" to stdout.
From: firstname.lastname@example.org (Devuan bug Tracking System) To: Thomas Groman <email@example.com> Subject: bug#270: Acknowledgement (unable to connect using TLSv1.2.) Thank you for the problem report you have sent regarding Devuan. This is an automatically generated reply, to let you know your message has been received. It is being forwarded to the developers mailing list for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): firstname.lastname@example.org If you wish to submit further information on your problem, please send it to email@example.com (and *not* to firstname.lastname@example.org). Please do not reply to the address at the top of this message, unless you wish to report a problem with the bug-tracking system. Your message specified a Severity: in the pseudo-header, but the severity value important was not recognised. The default severity normal is being used instead. The recognised values are: critical, grave, normal, minor, wishlist. Devuan Bugs Owner (administrator, Devuan bugs database)