From d7026e516021c7afeb75a9dbfa39cb53b7d8e590 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Tue, 20 Apr 2021 07:59:21 +0200 Subject: [PATCH] sessionctx: Remove SSLv3 references This removes references to SSLv3, which as far as I know was never supported by TiDB or MySQL. When the TLS version isn't found in the map it now returns 'unknown_tls_version' in the status var. Closes #13958 --- sessionctx/variable/statusvar.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sessionctx/variable/statusvar.go b/sessionctx/variable/statusvar.go index 0d3a4eee1aabf..ce7d17de09705 100644 --- a/sessionctx/variable/statusvar.go +++ b/sessionctx/variable/statusvar.go @@ -103,7 +103,6 @@ var tlsSupportedCiphers string // Taken from https://github.com/openssl/openssl/blob/c784a838e0947fcca761ee62def7d077dc06d37f/include/openssl/ssl.h#L141 . var tlsVersionString = map[uint16]string{ - tls.VersionSSL30: "SSLv3", tls.VersionTLS10: "TLSv1", tls.VersionTLS11: "TLSv1.1", tls.VersionTLS12: "TLSv1.2", @@ -137,7 +136,11 @@ func (s defaultStatusStat) Stats(vars *SessionVars) (map[string]interface{}, err statusVars["Ssl_cipher_list"] = tlsSupportedCiphers // tls.VerifyClientCertIfGiven == SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE statusVars["Ssl_verify_mode"] = 0x01 | 0x04 - statusVars["Ssl_version"] = tlsVersionString[vars.TLSConnectionState.Version] + if tlsVersion, tlsVersionKnown := tlsVersionString[vars.TLSConnectionState.Version]; tlsVersionKnown { + statusVars["Ssl_version"] = tlsVersion + } else { + statusVars["Ssl_version"] = "unknown_tls_version" + } } return statusVars, nil