tls.VersionSSL30 is deprecated. #13958

Closed
xiekeyi98 opened this issue Dec 7, 2019 · 3 comments · Fixed by #24153
Labels: good first issue, help wanted, severity/moderate, sig/sql-infra, type/bug


xiekeyi98 commented Dec 7, 2019

Bug Report

In

```go
var tlsVersionString = map[uint16]string{
	tls.VersionSSL30: "SSLv3",
	tls.VersionTLS10: "TLSv1",
	tls.VersionTLS11: "TLSv1.1",
	tls.VersionTLS12: "TLSv1.2",
}
```

we used tls.VersionSSL30, but SSLv3 is cryptographically broken and will be removed in Go 1.14.

See golang/go#32716 for details.

xiekeyi98 added the type/bug label Dec 7, 2019

ghost commented Jul 18, 2020

Confirming this is still an issue in master:

```go
// Taken from https://github.com/openssl/openssl/blob/c784a838e0947fcca761ee62def7d077dc06d37f/include/openssl/ssl.h#L141 .
var tlsVersionString = map[uint16]string{
	tls.VersionSSL30: "SSLv3",
	tls.VersionTLS10: "TLSv1",
	tls.VersionTLS11: "TLSv1.1",
	tls.VersionTLS12: "TLSv1.2",
	tls.VersionTLS13: "TLSv1.3",
}
```

fzhedu self-assigned this Aug 25, 2020
jebter added the sig/transaction label Nov 16, 2020
wjhuang2016 added the help wanted, sig/sql-infra and good first issue labels and removed the sig/transaction label Jan 5, 2021

dveeden commented Apr 20, 2021

From https://docs.pingcap.com/tidb/stable/enable-tls-between-clients-and-servers:
"Because the SSL protocol has known security vulnerabilities, TiDB does not support it."

So I wonder why it's there in the first place. Removing it here should be fine.

dveeden added a commit to dveeden/tidb that referenced this issue Apr 20, 2021
This removes references to SSLv3, which as far as I know was never
supported by TiDB or MySQL.

When the TLS version isn't found in the map it now returns
'unknown_tls_version' in the status var.

Closes pingcap#13958
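
An added example, not code from TiDB or from this thread: it pairs the fallback described in the commit message with a check that a crypto/tls client pinned to SSLv3 is refused before any bytes are written, which is why the map entry was dead. The names `versionName`, `offersClientHello`, `sink`, `sslv3` and the host `db.example.invalid` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

const sslv3 = 0x0300 // numeric value of the deprecated tls.VersionSSL30
// tlsVersionString is the map from the issue with the SSLv3 entry removed.
var tlsVersionString = map[uint16]string{
	tls.VersionTLS10: "TLSv1",
	tls.VersionTLS11: "TLSv1.1",
	tls.VersionTLS12: "TLSv1.2",
	tls.VersionTLS13: "TLSv1.3",
}

// versionName (hypothetical name) falls back as the commit message describes.
func versionName(v uint16) string {
	if s, ok := tlsVersionString[v]; ok {
		return s
	}
	return "unknown_tls_version"
}

// sink counts and refuses writes, so no TLS peer is needed.
type sink struct {
	net.Conn
	writes int
}
func (s *sink) Write(p []byte) (int, error) { s.writes++; return 0, io.ErrClosedPipe }

// offersClientHello reports whether a client pinned to version v sends a ClientHello.
func offersClientHello(v uint16) bool {
	local, remote := net.Pipe()
	remote.Close() // any read sees EOF; writes are intercepted by sink
	defer local.Close()
	conn := &sink{Conn: local}
	cfg := &tls.Config{ServerName: "db.example.invalid", MinVersion: v, MaxVersion: v}
	_ = tls.Client(conn, cfg).Handshake() // always errors: rejected range or refused write
	return conn.writes > 0
}

func main() {
	for _, v := range []uint16{sslv3, tls.VersionTLS12, tls.VersionTLS13} {
		fmt.Printf("0x%04x %-19s ClientHello sent: %v\n", v, versionName(v), offersClientHello(v))
	}
}
```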
@ti-srebot

Please edit this comment or add a new comment to complete the following information

Not a bug

  1. Remove the 'type/bug' label
  2. Add notes to indicate why it is not a bug

Duplicate bug

  1. Add the 'type/duplicate' label
  2. Add the link to the original bug

Bug

Note: Make Sure that 'component', and 'severity' labels are added
Example for how to fill out the template: #20100

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

6. Fixed versions
