MySQL Forums

Re: SSL don't work
Posted by: Blue Phaz
Date: February 19, 2014 07:28AM

I recreated the certs with no input, but it still won't work. The result of s_server and s_client:

s_server.bat:
openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem"
pause

s_client.bat:
openssl s_client -connect 127.0.0.1:442
pause

s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDAXRm+JCub6a9TlGnjEBv6YZn7dTTR/NiVYMKvrTF2m
yeZOh30UMCzcHLrGoU6/ADahBgIEUwSwO6IEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

s_client console output:
C:\Users\Administrator\Desktop>openssl s_client -connect 127.0.0.1:442
Loading 'screen' into random state - done
CONNECTED(000000C8)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 12C5FD8BD7D85087698CE16A69F253B99AC0A2ADCD0591291741D38A7B598339
Session-ID-ctx:
Master-Key: 17466F890AE6FA6BD4E51A78C406FE98667EDD4D347F36255830ABEB4C5DA6C9E64E877D14302CDC1CBAC6A14EBF0036
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1392816187
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---



Edited 1 time(s). Last edit at 02/19/2014 07:29AM by Blue Phaz.
