LP #1472701: SSL failing due to small DH key
Aaditya Dubey December 10, 2023 at 8:33 AM
Hi,
Closing the report, no activity for a long time!
Done
Assignee Unassigned
Reporter lpjirasync (Deactivated)
Created January 14, 2018 at 5:15 PM
Updated December 10, 2023 at 8:33 AM
Resolved December 10, 2023 at 8:33 AM
**Reported in Launchpad by Stephen Colebrook, last update 21-07-2015 15:23:15**
Opening a fresh bug report on Cluster as the issue has been marked as Fix Released on standalone but there have been no coding changes on GitHub for cluster to implement the fix.
Please see https://bugs.launchpad.net/percona-server/+bug/1462856 for details about this bug in the standalone server edition. This issue prevents SSL connections to any Percona XtraDB Cluster from any server with a fully patched openssl that requires 768-bit or more DH keys.
This issue should be considered a significant security issue as the only workarounds are to not use SSL connections, use a non-DH cipher or not upgrade openssl to an affected version (which introduces its own set of security issues).
Please port the patch from Percona Server to Cluster and issue a security release. This is a month old at this point and needs to be resolved as soon as possible.