MySQL Forums
Forum List  »  Security

Re: SSL don't work
Posted by: Blue Phaz
Date: February 19, 2014 09:17AM

I don't want to use any additional files on the client side. If i don't select any cert/key files in HeidiSQL and just check "Use SSL" the same error occurs "SSL not used.". Isn't the encryption the same, if i don't use any cert/key files on the client side?

s_server.bat:
openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/ca-cert.pem"
pause

s_client.bat:
openssl s_client -connect 127.0.0.1:442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/client-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/client-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/ca-cert.pem"
pause

s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramDat
a/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL S
erver 5.6/ssl/server-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl
/ca-cert.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDAOlJ4IsGDUm9CBpSpfXYYAE96sm6FmpOWhUY/fc7Lw
veVy61dj8zh175uTBrrlGHShBgIEUwTMIaIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

s_client console output:
C:\Users\Administrator\Desktop>openssl s_client -connect 127.0.0.1:442 -cert "C:
/ProgramData/MySQL/MySQL Server 5.6/ssl/client-cert.pem" -key "C:/ProgramData/My
SQL/MySQL Server 5.6/ssl/client-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Ser
ver 5.6/ssl/ca-cert.pem"
Loading 'screen' into random state - done
CONNECTED(000000C8)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC/jCCAeYCAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xNDAyMTkxMzIwNDBaFw0xNTAyMTkxMzIwNDBaMEUxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTD0aPAoAg
2iUsiRF27YvRWfi7IIPl24wTsv+bQxlhVTaHCvNJtbfSCpmAvEdcENUtbDgsgyho
aXGIDIQc/N7buCK33TuFGiIe2Kw17EERiF3tZqTLdf1rJ/84jDYj+sRrZzGjV+R+
96dIDks6KMhhtgBaMdxXk9TVR7bgOlDQeO9lbDyzImu9SeJNNZmnOq3OEm0ajmTU
IJX5/j0fyRSGccxtrv5Tddw18kHDsyRGpqXT724vtRkSzTEdedhKrx5xq7qNtjQS
w6M01RiIH+hIyziJlzMd24VkTwQm45Istj1UG/gbDi1j4haOiSIgq+BLszjmaM6h
ZI+C6Cx/lYnVAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAKlFsTirg13ZFJMxKruC
OfpCqCRd27/JG2paPPI01iRGr57j3AF7Rx+anTRdbixehh94ChQq/gTqyFHFsdF1
Uc4CJefBfh9Bgka0ycfxwucPae0/+1EIMBgp2qbiKMVS2j/nuVQers0e/mX+Ezq4
waEVdxO1SuzmVR6W75u9hZUK4h7cv0m4XARZuCXONMkLvyQxHip8cDs4DE7vI+5M
T5npvGghl5nftZRetSjo8QGf+PnAqCF5WNLVV57ooyj4M67XO4MC+RSzLEYxVKLH
Mv95Fqpt/kZNWRaEwpj6H7H2vYX/zGYcR3b+KsZLGbfGIFCB7nYqIuCbh2GTt/Lz
AsA=
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: CF817D6A008CAB9B6127938CE895B0B9EDF2D3D90823DCBF09B56F0E88CDE399

Session-ID-ctx:
Master-Key: 0E949E08B060D49BD081A52A5F5D860013DEAC9BA166A4E5A1518FDF73B2F0BD
E572EB5763F33875EF9B9306BAE51874
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 0f 1f 03 fd 0d 93 50 09-2e 1c 19 f5 5e 98 79 f9 ......P.....^.y.
0010 - 69 2a 28 d0 a8 e8 19 99-53 94 41 56 f6 95 18 12 i*(.....S.AV....
0020 - 30 07 cc 3d 85 ad 87 f0-28 ae 66 68 60 a0 a3 aa 0..=....(.fh`...
0030 - ed 77 89 e1 6f a0 cc 0b-bd bb c7 0a 33 64 ea 41 .w..o.......3d.A
0040 - 1c 03 be 4c c0 56 a1 77-9f 6f f6 4c c3 29 cb c0 ...L.V.w.o.L.)..
0050 - f7 6f 06 e8 17 1c aa 23-85 58 6e 5d 24 68 a6 d0 .o.....#.Xn]$h..
0060 - 48 9d 28 02 8a 81 5b 14-f6 be f1 12 5f 94 ba f3 H.(...[....._...
0070 - 6d 06 3d 1b 51 67 44 c0-20 fd 12 b3 84 cb d7 0c m.=.QgD. .......
0080 - c1 b0 d6 fe fe e4 17 d7-09 89 fd c0 ba 37 2e 8e .............7..
0090 - 35 26 16 bf 0a 53 9c bc-bf 61 72 b6 11 ce 09 f4 5&...S...ar.....

Start Time: 1392823329
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---



Edited 1 time(s). Last edit at 02/19/2014 09:25AM by Blue Phaz.

Options: ReplyQuote


Subject
Views
Written By
Posted
4654
February 06, 2014 12:44PM
2137
February 07, 2014 08:23AM
2121
February 07, 2014 09:43AM
2014
February 07, 2014 10:07AM
2664
February 13, 2014 07:13AM
2064
February 13, 2014 07:47AM
2135
February 13, 2014 08:10AM
2105
February 13, 2014 08:33AM
2258
February 13, 2014 08:49AM
1979
February 13, 2014 09:08AM
2054
February 13, 2014 09:24AM
2016
February 14, 2014 02:16AM
2084
February 19, 2014 07:28AM
1795
February 19, 2014 08:15AM
Re: SSL don't work
2536
February 19, 2014 09:17AM
1822
February 19, 2014 09:32AM
3456
February 19, 2014 09:57AM
2066
February 19, 2014 10:00AM
2365
February 20, 2014 02:40AM
2028
February 20, 2014 02:57AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.