percona · inikep · Oct 22, 2019 · Aug 27, 2019 · Aug 28, 2019 · Aug 30, 2019
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -665,12 +665,10 @@ ENDIF()
 # RPM installs documentation directly from the source tree
 #
 IF(NOT INSTALL_LAYOUT MATCHES "RPM")
-  INSTALL(FILES COPYING LICENSE.mysql 
-  DESTINATION ${INSTALL_DOCREADMEDIR} 
-  COMPONENT Readme
-  OPTIONAL
-  )
-  INSTALL(FILES README.MySQL DESTINATION ${INSTALL_DOCREADMEDIR} COMPONENT Readme)
+  INSTALL(FILES
+    README
+    LICENSE
+    DESTINATION ${INSTALL_DOCREADMEDIR} COMPONENT Readme)
   INSTALL(FILES ${CMAKE_BINARY_DIR}/Docs/INFO_SRC ${CMAKE_BINARY_DIR}/Docs/INFO_BIN DESTINATION ${INSTALL_DOCDIR})
   # MYSQL_DOCS_LOCATON is used in "make dist", points to the documentation directory
   SET(MYSQL_DOCS_LOCATION "" CACHE PATH "Location from where documentation is copied")

diff --git a/COPYING b/COPYING
diff --git a/LICENSE b/LICENSE
diff --git a/cmake/os/SunOS.cmake b/cmake/os/SunOS.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License, version 2.0,
@@ -24,6 +24,11 @@ INCLUDE(CheckSymbolExists)
 INCLUDE(CheckCSourceRuns)
 INCLUDE(CheckCSourceCompiles) 
 
+SET(SOLARIS 1)
+IF(CMAKE_SYSTEM_PROCESSOR MATCHES "sparc")
+  SET(SOLARIS_SPARC 1)
+ENDIF()
+
 # We require SunStudio 12u2 (CC 5.11)
 IF(NOT FORCE_UNSUPPORTED_COMPILER)
   IF(CMAKE_C_COMPILER_ID MATCHES "SunPro")

diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
@@ -27,8 +27,7 @@
 #   or
 #     - cmake -DWITH_SSL=</path/to/custom/openssl>
 #
-# The default value for WITH_SSL is "system"
-# set in cmake/build_configurations/feature_set.cmake
+# The default value for WITH_SSL is "system".
 #
 # WITH_SSL="system" means: use the SSL library that comes with the operating
 # system. This typically means you have to do 'yum install openssl-devel'
@@ -37,7 +36,7 @@
 # For Windows or macOS, WITH_SSL="system" is handled a bit differently:
 # We assume you have installed
 #     https://slproweb.com/products/Win32OpenSSL.html
-#     We look for "C:/OpenSSL-Win64/"
+#     We look for "C:/Program Files/OpenSSL-Win64/"
 #     The .dll files must be in your PATH.
 # or
 #     http://brewformulas.org/Openssl
@@ -122,10 +121,7 @@ MACRO (MYSQL_CHECK_SSL)
       IF(APPLE)
         SET(WITH_SSL_PATH "/usr/local/opt/openssl")
       ELSE()
-        SET(WITH_SSL_PATH "C:/OpenSSL-Win64/")
-        # OpenSSL-1.1 requires backport of the patch for
-        # Bug #28179051: ADD SUPPORT FOR OPENSSL 1.1 ON WINDOWS
-        # SET(WITH_SSL_PATH "C:/OpenSSL-1.1-Win64/")
+        SET(WITH_SSL_PATH "C:/Program Files/OpenSSL-Win64/")
       ENDIF()
     ENDIF()
 
@@ -149,6 +145,7 @@ MACRO (MYSQL_CHECK_SSL)
     IF (WIN32)
       FIND_FILE(OPENSSL_APPLINK_C
         NAMES openssl/applink.c
+        NO_DEFAULT_PATH
         HINTS ${OPENSSL_ROOT_DIR}/include
       )
       MESSAGE(STATUS "OPENSSL_APPLINK_C ${OPENSSL_APPLINK_C}")
@@ -250,7 +247,9 @@ MACRO (MYSQL_CHECK_SSL)
       ENDIF()
       MESSAGE(STATUS "SSL_LIBRARIES = ${SSL_LIBRARIES}")
       IF(WIN32 AND WITH_SSL STREQUAL "system")
-        MESSAGE(STATUS "Please do\nPATH=${WITH_SSL_PATH}:$PATH")
+        MESSAGE(STATUS "Please do\nPATH=\"${WITH_SSL_PATH}bin\":$PATH")
+        FILE(TO_NATIVE_PATH "${WITH_SSL_PATH}" WITH_SSL_PATH_XX)
+        MESSAGE(STATUS "or\nPATH=\"${WITH_SSL_PATH_XX}bin\":$PATH")
       ENDIF()
       SET(SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
       SET(SSL_INTERNAL_INCLUDE_DIRS "")

diff --git a/extra/CMakeLists.txt b/extra/CMakeLists.txt
@@ -59,7 +59,7 @@ ADD_CUSTOM_TARGET(GenError
                   ${PROJECT_SOURCE_DIR}/sql/share/errmsg-utf8.txt)
 
 MYSQL_ADD_EXECUTABLE(my_print_defaults my_print_defaults.c)
-TARGET_LINK_LIBRARIES(my_print_defaults  mysys mysys_ssl)
+TARGET_LINK_LIBRARIES(my_print_defaults mysys mysys_ssl)
 SET_TARGET_PROPERTIES(my_print_defaults PROPERTIES LINKER_LANGUAGE CXX)
 
 MYSQL_ADD_EXECUTABLE(perror perror.c)

diff --git a/libmysql/CMakeLists.txt b/libmysql/CMakeLists.txt
@@ -185,7 +185,10 @@ ELSE()
   LIST(APPEND LIBS_TO_LINK ${ZLIB_LIBRARY})
 ENDIF()
 
-IF(WITH_SSL STREQUAL "system")
+IF(WIN32)
+  OPTION(LINK_DYNAMIC_OPENSSL "On Windows link OpenSSL dynamically" OFF)
+ENDIF()
+IF(WITH_SSL STREQUAL "system" OR LINK_DYNAMIC_OPENSSL)
   LIST(APPEND LIBS_TO_LINK ${SSL_LIBRARIES})
 ELSE()
   LIST(APPEND LIBS_TO_MERGE ${SSL_LIBRARIES})

diff --git a/mysql-test/include/allowed_ciphers.inc b/mysql-test/include/allowed_ciphers.inc
@@ -0,0 +1,10 @@
+
+# List of allowed ciphers which will be
+# replaced with "SSL_CIPHER" in the result files.
+# DHE-XXX ciphers are for OpenSSL 1.0.X while
+# ECDHE-XXX for OpenSSL 1.1.X
+# Usage: --replace_regex $ALLOWED_CIPHERS_REGEX
+#
+
+LET $ALLOWED_CIPHERS_REGEX =
+/DHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-AES128-GCM-SHA256|DHE-RSA-AES256-SHA|ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384/SSL_CIPHER/;
diff --git a/mysql-test/include/have_openssl.inc b/mysql-test/include/have_openssl.inc
@@ -2,3 +2,4 @@
 disable_query_log;
 show variables like "have_openssl";
 enable_query_log;
+--source include/allowed_ciphers.inc
diff --git a/mysql-test/include/have_ssl.inc b/mysql-test/include/have_ssl.inc
@@ -2,3 +2,4 @@
 disable_query_log;
 show variables like 'have_ssl';
 enable_query_log;
+--source include/allowed_ciphers.inc
diff --git a/mysql-test/include/have_ssl_communication.inc b/mysql-test/include/have_ssl_communication.inc
@@ -2,3 +2,4 @@
 disable_query_log;
 show variables like 'have_ssl';
 enable_query_log;
+--source include/allowed_ciphers.inc
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
@@ -2,10 +2,10 @@ drop table if exists t1;
 create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
-grant select on test.* to ssl_user2@localhost require cipher "SSL_CIPHER";
-grant select on test.* to ssl_user3@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";
-grant select on test.* to ssl_user4@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
-grant select on test.* to ssl_user5@localhost require cipher "SSL_CIPHER" AND SUBJECT "xxx";
+grant select on test.* to ssl_user2@localhost require cipher "SSL_CIPHER";;
+grant select on test.* to ssl_user3@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";;
+grant select on test.* to ssl_user4@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";;
+grant select on test.* to ssl_user5@localhost require cipher "SSL_CIPHER" AND SUBJECT "xxx";;
 flush privileges;
 connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
@@ -214,19 +214,9 @@ DROP TABLE t1;
 Variable_name	Value
 Ssl_cipher	DHE-RSA-AES256-SHA
 Variable_name	Value
-Ssl_version	TLSv1.2
-Variable_name	Value
 Ssl_cipher	DHE-RSA-AES128-SHA
 Variable_name	Value
-Ssl_version	TLSv1.2
-Variable_name	Value
 Ssl_cipher	AES256-SHA
-Variable_name	Value
-Ssl_version	TLSv1.2
-Variable_name	Value
-Ssl_cipher	DHE-RSA-AES128-SHA
-Variable_name	Value
-Ssl_version	TLSv1.2
 select 'is still running; no cipher request crashed the server' as result from dual;
 result
 is still running; no cipher request crashed the server

diff --git a/mysql-test/suite/auth_sec/t/cert_verify.test b/mysql-test/suite/auth_sec/t/cert_verify.test
@@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-veri
 --enable_reconnect
 --source include/wait_until_connected_again.inc
 
---replace_result TLSv1.2 TLS_VERSION TLSv1 TLS_VERSION
+--replace_result TLSv1 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1.2 TLS_VERSION
 --exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"
 
 --echo # restart server using restart

diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
@@ -13,20 +13,22 @@ drop table if exists t1;
 create table t1(f1 int);
 insert into t1 values (5);
 
-let $cipher_val= "ECDHE-RSA-AES128-GCM-SHA256";
-if (!`SELECT COUNT(*) FROM information_schema.global_variables WHERE variable_name='have_elliptic_curve_crypto' and variable_value='YES'`) {
-  let $cipher_val= "DHE-RSA-AES128-GCM-SHA256";
-}
+connect (con0,localhost,root,,,,,SSL);
+connection con0;
+let $cipher= query_get_value("SHOW STATUS like 'Ssl_cipher'", Value, 1);
+let $cipher_val= "$cipher";
+connection default;
+disconnect con0;
 
 grant select on test.* to ssl_user1@localhost require SSL;
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
--- eval grant select on test.* to ssl_user2@localhost require cipher $cipher_val
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
--- eval grant select on test.* to ssl_user3@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
--- eval grant select on test.* to ssl_user4@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
--- eval grant select on test.* to ssl_user5@localhost require cipher $cipher_val AND SUBJECT "xxx"
+--replace_regex $ALLOWED_CIPHERS_REGEX
+--eval grant select on test.* to ssl_user2@localhost require cipher $cipher_val;
+--replace_regex $ALLOWED_CIPHERS_REGEX
+--eval grant select on test.* to ssl_user3@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";
+--replace_regex $ALLOWED_CIPHERS_REGEX
+--eval grant select on test.* to ssl_user4@localhost require cipher $cipher_val AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
+--replace_regex $ALLOWED_CIPHERS_REGEX
+--eval grant select on test.* to ssl_user5@localhost require cipher $cipher_val AND SUBJECT "xxx";
 flush privileges;
 
 connect (con1,localhost,ssl_user1,,,,,SSL);
@@ -39,7 +41,7 @@ connect (con5,localhost,ssl_user5,,,,,SSL);
 
 connection con1;
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW STATUS LIKE 'Ssl_version';
 select * from t1;
@@ -48,7 +50,7 @@ delete from t1;
 
 connection con2;
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW STATUS LIKE 'Ssl_version';
 select * from t1;
@@ -57,7 +59,7 @@ delete from t1;
 
 connection con3;
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW STATUS LIKE 'Ssl_version';
 select * from t1;
@@ -66,7 +68,7 @@ delete from t1;
 
 connection con4;
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW STATUS LIKE 'Ssl_version';
 select * from t1;
@@ -141,7 +143,7 @@ drop table t1;
 # verification of servers certificate by setting both ca certificate
 # and ca path to NULL
 #
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'; SHOW STATUS LIKE 'ssl_version';" 2>&1
 --echo End of 5.0 tests
 
@@ -228,10 +230,9 @@ DROP TABLE t1;
 #           YaSSL to crash the server.
 #
 
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_version';" --ssl-cipher=DHE-RSA-AES256-SHA
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_version';" --ssl-cipher=DHE-RSA-AES128-SHA:
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_version';" --ssl-cipher=AES256-SHA
---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_version';" --ssl-cipher=DHE-RSA-AES128-SHA
+--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES256-SHA
+--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-mode=REQUIRED --ssl-cipher=DHE-RSA-AES128-SHA
+--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-mode=REQUIRED --ssl-cipher=AES256-SHA
 --disable_query_log
 --disable_result_log
 
@@ -267,7 +268,7 @@ select 'is still running; no cipher request crashed the server' as result from d
 GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
 FLUSH PRIVILEGES;
 connect(con1,localhost,bug42158,,,,,SSL);
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 SHOW STATUS LIKE 'Ssl_version';
 disconnect con1;

diff --git a/mysql-test/t/plugin_auth_sha256_tls.test b/mysql-test/t/plugin_auth_sha256_tls.test
@@ -2,7 +2,7 @@
 --source include/have_ssl.inc
 
 connect (ssl_con,localhost,root,,,,,SSL);
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER DHE-RSA-AES128-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 
 CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password';

diff --git a/mysql-test/t/ssl-sha512.test b/mysql-test/t/ssl-sha512.test
@@ -9,4 +9,3 @@ GRANT SELECT ON test.* TO u1@localhost REQUIRE SSL;
 --exec $MYSQL -uu1 -psecret -h127.0.0.1 --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-sha512.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW VARIABLES like '%ssl%';"
 
 DROP USER u1@localhost;
-
diff --git a/mysql-test/t/ssl.test b/mysql-test/t/ssl.test
@@ -12,7 +12,7 @@
 connect (ssl_con,localhost,root,,,,,SSL);
 
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 
 # Check ssl expiration
@@ -23,7 +23,7 @@ SHOW STATUS LIKE 'Ssl_server_not_after';
 -- source include/common-tests.inc
 
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 
 connection default;

diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test
@@ -6,7 +6,7 @@
 #
 # Bug#29784 YaSSL assertion failure when reading 8k key.
 #
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
 
 ##  This test file is for testing encrypted communication only, not other

diff --git a/mysql-test/t/ssl_ca.test b/mysql-test/t/ssl_ca.test
@@ -10,7 +10,7 @@
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
 
 --echo # try to connect with correct '--ssl-ca' path : should connect
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER DHE-RSA-AES128-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 
 --echo #
@@ -22,15 +22,15 @@
 
 --echo # try to connect with '--ssl-ca' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER DHE-RSA-AES128-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl-ca=$mysql_test_dir_path/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 
 --echo # try to connect with '--ssl-key' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER DHE-RSA-AES128-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$mysql_test_dir_path/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
 
 --echo # try to connect with '--ssl-cert' option using tilde home directoy
 --echo # path substitution : should connect
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER DHE-RSA-AES128-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 --exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$mysql_test_dir_path/std_data/crl-client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
diff --git a/mysql-test/t/ssl_compress.test b/mysql-test/t/ssl_compress.test
@@ -13,7 +13,7 @@
 connect (ssl_compress_con,localhost,root,,,,,SSL COMPRESS);
 
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 
 # Check compression turned on
@@ -23,7 +23,7 @@ SHOW STATUS LIKE 'Compression';
 -- source include/common-tests.inc
 
 # Check ssl turned on
---replace_result DHE-RSA-AES128-GCM-SHA256 SSL_CIPHER DHE-RSA-AES256-SHA SSL_CIPHER ECDHE-RSA-AES128-GCM-SHA256 SSL_CIPHER
+--replace_regex $ALLOWED_CIPHERS_REGEX
 SHOW STATUS LIKE 'Ssl_cipher';
 
 # Check compression turned on
Original file line number	Diff line number	Diff line change
Expand Up		@@ -9,4 +9,3 @@ GRANT SELECT ON test.* TO u1@localhost REQUIRE SSL;
		--exec $MYSQL -uu1 -psecret -h127.0.0.1 --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-sha512.pem --ssl-cipher=DHE-RSA-AES256-SHA test -e "SHOW VARIABLES like '%ssl%';"

		DROP USER u1@localhost;