
Re: MySQL - SSL - with TLS1.2 cipher AES256-SHA256 / DHE-RSA-AES256-SHA256





On 17.03.2015 at 13:21, Bhushan Rane wrote:
> I have compiled MySQL with openssl, I am able to connect to MySQL over
> SSL with TLS1.0 ciphers. But when I tried to connect with TLS1.2 ciphers
> connection fails with error

MySQL / MariaDB don't support anything better than DHE-RSA-AES128-SHA (AES256 is supported but not more secure than AES128)

* no ECDHE
* no AES-GCM
* no SHA256

no idea how they manage that because openssl has support
___________________________________

ssl-cipher=DHE-RSA-AES256-SHA256
ssl-cipher=AES256-SHA256

are not supported and don't make much sense anyways
___________________________________

the currently best ciphersuite would be the following because AES-GCM is hardware optimized on recent machines (Intel AES) and GCM is *always* better than a stupid CBC cipher

ECDHE-RSA-AES128-GCM-SHA256


Attachment: signature.asc
Description: OpenPGP digital signature
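
An added example, not part of the original message and not MySQL or OpenSSL code: this Python sketch splits the OpenSSL suite names discussed in the thread into their components, showing which ones require TLS 1.2, which offer forward secrecy, and which use an AEAD mode. The `[mysqld]` fragment is constructed sample input, the function names are hypothetical, and the parser only covers AES suites named in the pre-TLS 1.3 OpenSSL style.

```python
# Added example: decompose OpenSSL-style (pre-TLS 1.3) AES suite names.
# Function names and SAMPLE_CNF are hypothetical / constructed for illustration.
EPHEMERAL = ("ECDHE", "DHE")

def describe(suite):
    """Split a name such as ECDHE-RSA-AES128-GCM-SHA256 into its parts."""
    parts = suite.split("-")
    kex = auth = "RSA"              # no prefix means static RSA key exchange
    if parts[0] in EPHEMERAL:
        kex, auth, parts = parts[0], parts[1], parts[2:]
    digest, body = parts[-1], parts[:-1]
    aead = "GCM" in body
    return {
        "suite": suite,
        "kex": kex,
        "auth": auth,
        "cipher": body[0],
        "mode": "GCM" if aead else "CBC",
        # In CBC suites the hash is the record HMAC; in GCM suites it is only the PRF hash.
        "hash": digest,
        "hash_role": "PRF" if aead else "HMAC",
        "forward_secrecy": kex in EPHEMERAL,
        # GCM and SHA256/SHA384-MAC suites were introduced with TLS 1.2.
        "needs_tls12": aead or digest in ("SHA256", "SHA384"),
    }

# Constructed my.cnf fragment using the two ssl-cipher values from the thread.
SAMPLE_CNF = """\
[mysqld]
ssl-cipher=DHE-RSA-AES256-SHA256
ssl-cipher=AES256-SHA256
"""

def audit_cnf(text):
    """Return describe() results for every ssl-cipher line in a config text."""
    found = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().replace("_", "-") == "ssl-cipher":
            found += [describe(s) for s in value.strip().split(":") if s]
    return found

if __name__ == "__main__":
    suites = audit_cnf(SAMPLE_CNF) + [describe("DHE-RSA-AES128-SHA"),
                                      describe("ECDHE-RSA-AES128-GCM-SHA256")]
    for d in suites:
        print(f'{d["suite"]:30} kex={d["kex"]:5} mode={d["mode"]} '
              f'{d["hash_role"]}={d["hash"]:6} fs={d["forward_secrecy"]} '
              f'tls1.2-only={d["needs_tls12"]}')
```

Both configured `ssl-cipher` values come out as TLS 1.2-only CBC suites, and `AES256-SHA256` additionally uses static RSA key exchange, so it has no forward secrecy.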