Skip to content

Closes #3207: Add new variable 'mysql-tls_version' controlling the 'tls versions' allowed for client connections #3359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: v2.x
Choose a base branch
from
Open

Closes #3207: Add new variable 'mysql-tls_version' controlling the 'tls versions' allowed for client connections #3359

wants to merge 11 commits into from

Conversation

JavierJF
Copy link
Collaborator

@JavierJF JavierJF commented Mar 19, 2021
edited
Loading

Closes #3207.

@JavierJF JavierJF changed the title Closes #3207: Addd new variable Closes #3207: Add new variable 'admin-tls_version' controlling the 'tls versions' allowed for client connections Mar 19, 2021
renecannao
renecannao requested changes Mar 25, 2021
View reviewed changes
@JavierJF
Copy link
Collaborator Author

Retest this please

@JavierJF JavierJF changed the title Closes #3207: Add new variable 'admin-tls_version' controlling the 'tls versions' allowed for client connections Closes #3207: Add new variable 'mysql-tls_version' controlling the 'tls versions' allowed for client connections Mar 26, 2021
@renecannao renecannao changed the base branch from v2.1.1 to v2.x July 6, 2021 23:14
@JavierJF JavierJF requested a review from renecannao July 13, 2021 17:22
@JavierJF
Copy link
Collaborator Author

retest this please

@JavierJF
Merge branch 'v2.x' of github.com:sysown/proxysql into v2.1.1-3207
e2eead0
@JavierJF
Multiple changes to 'mysql-tls_version' implementation #3207
60f802a 
+ Changed default allowed versions to 'TLSv1.2' and 'TLSv1.3'. This
  change is required due to the recent upgrade to OpenSSL 3.0, which
  deprecated older protocol versions.
+ Added capability for setting older protocol versions than 'TLSv1.2'
  issuing a warning to the user.
+ Refactored extraction of allowed versions from 'mysql_thread___tls_version'
  variable and other minor improvements.
@JavierJF
Make 'test_mysql-tls_version-t' compatible with OpenSSL 3.0 #3207
c4156ac 
+ Test is now compiled against 'libmysqlclient' due to 'libmariadbclient'
  dependency being also compiled against 'OpenSSL 3.0'.
+ Minor refactor and reuse of function from utils.
@JavierJF
Copy link
Collaborator Author

Retest this please.

@JavierJF
Add conditional compilation to 'test_myqsl-tls_version'
5b1d77d 
- Added conditional compilation for 'test_mysql-tls_version' left as an
  example on how to compile tap tests against libmysqlclient.
- Homogenized compilation line in Makefile
@pondix
Copy link
Contributor

pondix commented Mar 10, 2022

Automated message: PR pending admin approval for build testing

@mirostauder
Copy link
Collaborator

retest this please

1 similar comment
@mirostauder
Copy link
Collaborator

retest this please

@linuxmail
Copy link

hi,

is there some activity on it ? :-) It would be very nice to have this options.

cu denny

@mirostauder
Copy link
Collaborator

Can one of the admins verify this patch?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renecannao renecannao Awaiting requested review from renecannao

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ssl hardening
5 participants
@JavierJF @pondix @mirostauder @linuxmail @renecannao