MySQL Forums

Re: SSL don't work
Posted by: Blue Phaz
Date: February 19, 2014 09:17AM

I don't want to use any additional files on the client side. If I don't select any cert/key files in HeidiSQL and just check "Use SSL" the same error occurs "SSL not used.". Isn't the encryption the same, if I don't use any cert/key files on the client side?

s_server.bat:
openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/ca-cert.pem"
pause

s_client.bat:
openssl s_client -connect 127.0.0.1:442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/client-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/client-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/ca-cert.pem"
pause

s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramDat
a/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL S
erver 5.6/ssl/server-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Server 5.6/ssl
/ca-cert.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDAOlJ4IsGDUm9CBpSpfXYYAE96sm6FmpOWhUY/fc7Lw
veVy61dj8zh175uTBrrlGHShBgIEUwTMIaIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

s_client console output:
C:\Users\Administrator\Desktop>openssl s_client -connect 127.0.0.1:442 -cert "C:
/ProgramData/MySQL/MySQL Server 5.6/ssl/client-cert.pem" -key "C:/ProgramData/My
SQL/MySQL Server 5.6/ssl/client-key.pem" -CAfile "C:/ProgramData/MySQL/MySQL Ser
ver 5.6/ssl/ca-cert.pem"
Loading 'screen' into random state - done
CONNECTED(000000C8)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: CF817D6A008CAB9B6127938CE895B0B9EDF2D3D90823DCBF09B56F0E88CDE399

Session-ID-ctx:
Master-Key: 0E949E08B060D49BD081A52A5F5D860013DEAC9BA166A4E5A1518FDF73B2F0BD
E572EB5763F33875EF9B9306BAE51874
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1392823329
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---



Edited 1 time(s). Last edit at 02/19/2014 09:25AM by Blue Phaz.
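
Reading an `openssl s_client` transcript like the one posted above, as an added example that is not part of the original post: the hypothetical helper `summarize` pulls out whether a cipher was negotiated, whether the server certificate verified, and whether the server listed CA names for client certificates. Both sample transcripts are constructed, the first trimmed from the output in the post.

```python
import re

# Constructed sample: trimmed copy of the s_client output in the post above.
POSTED = """\
verify error:num=18:self signed certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
No client certificate CA names sent
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Verify return code: 18 (self signed certificate)
"""

# Constructed sample: s_client output when no TLS session was established.
FAILED = """\
no peer certificate available
New, (NONE), Cipher is (NONE)
Protocol : TLSv1.2
Cipher : 0000
Verify return code: 0 (ok)
"""


def summarize(text):
    """Summarize a saved `openssl s_client` transcript (hypothetical helper)."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    cipher = grab(r"^\s*Cipher\s*:\s*(\S+)")
    code = grab(r"^\s*Verify return code:\s*(\d+)")
    subject, issuer = grab(r"^subject=(.*)$"), grab(r"^issuer=(.*)$")
    # "0000" / "(NONE)" mean the handshake never produced a cipher.
    encrypted = cipher not in (None, "0000", "(NONE)")
    return {
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)") if encrypted else None,
        "cipher": cipher if encrypted else None,
        "encrypted": encrypted,
        "verify_code": int(code) if code is not None else None,
        # Code 0 only counts when a session actually exists.
        "server_verified": encrypted and code == "0",
        "self_signed": subject is not None and subject == issuer,
        "client_ca_names_sent": "Acceptable client certificate CA names" in text,
    }


if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("failed", FAILED)):
        print(name, summarize(sample))
```

For the posted transcript the summary shows a negotiated TLSv1.2 cipher with `server_verified` false because of verify code 18; for the failed one, `encrypted` is false even though the verify code is 0.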
