[CentOS] C5 recent openssl update breaks mysql SSL connection

Tue Aug 18 10:43:58 UTC 2015
Tony Mountifield <tony at softins.co.uk>

In article <20150818092704.GA13601 at users.sourceforge.net>,
 <lhecking at users.sourceforge.net> wrote:
> 
> > Maybe so, but still a side issue. Openssl 0.9.8e was recently updated.
> > Some change in this update has broken something. I would like to understand
> > what, and so ought the package maintainers. C5 isn't EOL until March 2017.
> 
>  rpm -q --changelog openssl-0.9.8e. You weren't clear which version you
>  upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1
>  (from March 2014, nevertheless), which works.
> 
>  I would hazard a guess that this is the change causing your problem.
> 
> * Fri Jun 26 2015 Tomas Mraz <tmraz at redhat.com> 0.9.8e-36
> - also change the default DH parameters in s_server to 1024 bits
> 
>  Here's some more info,
> 
>  https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> 
>  RH must have backported this fix to 0.9.8e.
> 
>  There seem to be many reports out there that the openssl update broke mysql,
>  but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1,
>  so you're most likely on your own. I'm quite ignorant of mysql, but it looks
>  like you may be able to get this to work again by changing the cipher in mysql
>  and regenerating your cert.
> 
>  https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4

Interesting... many thanks for the pointers! Something for me to experiment with...

Cheers
Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org