MySQL Forums

Re: SSL don't work
Posted by: Blue Phaz
Date: February 19, 2014 09:57AM

Thanks for your help, but it's still not working. Firewalls are disabled. MySQL Config:
[mysqld]
ssl-cert = "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem"
ssl-key = "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem"

HeidiSQL: "SSL not used." (both: localhost/other machine[internet])


s_server.bat:
openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem"
pause

s_client.bat:
openssl s_client -connect 127.0.0.1:442
pause

s_server/s_client test(localhost):

s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramDat
a/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL S
erver 5.6/ssl/server-key.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDDmW4S7FY+6ZdorgePx3BJeQ4OsI9itL1XJZhdJtYET
SpoamJUaKTU8KddXlo0BK2ahBgIEUwTTPqIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

s_client console output:
C:\Users\Administrator\Desktop>openssl s_client -connect 127.0.0.1:442
Loading 'screen' into random state - done
CONNECTED(000000C8)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: EDBBF491200F625F18F9B88B4BFB5483DC1A229F2AC15B45105B6C43838283ED

Session-ID-ctx:
Master-Key: E65B84BB158FBA65DA2B81E3F1DC125E4383AC23D8AD2F55C9661749B581134A
9A1A98951A29353C29D757968D012B66
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1392825150
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---


s_server/s_client test(other machine[internet]):

s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramDat
a/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL S
erver 5.6/ssl/server-key.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
gethostbyname failure
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
0 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)

s_client console output:
Loading 'screen' into random state - done
CONNECTED(000000DC)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 319 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
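
Added example, not part of the original post: a small Python triage of `openssl s_client` output that separates the two outcomes shown above, a handshake that completed with an unverified certificate versus a connection that was reset before any TLS bytes came back. The two transcripts are constructed excerpts modelled on the post's output, and the stage names are assumptions chosen for this example.

```python
import re

# Constructed excerpts modelled on the two s_client runs in the post.
LOCAL_RUN = """CONNECTED(000000C8)
verify error:num=18:self signed certificate
SSL handshake has read 1429 bytes and written 445 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Verify return code: 18 (self signed certificate)
"""
REMOTE_RUN = """CONNECTED(000000DC)
write:errno=10054
no peer certificate available
SSL handshake has read 0 bytes and written 319 bytes
New, (NONE), Cipher is (NONE)
"""

def _int(pattern, text):
    """Return the first captured integer for pattern, or None if absent."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def triage(output):
    """Classify one s_client transcript by how far the handshake got."""
    connected = "CONNECTED(" in output
    bytes_read = _int(r"SSL handshake has read (\d+) bytes", output) or 0
    m = re.search(r"Cipher is (\S+)", output)
    cipher = m.group(1) if m and m.group(1) != "(NONE)" else None
    verify_code = _int(r"Verify return code: (\d+)", output)
    socket_errno = _int(r"errno=(\d+)", output)  # 10054 is WSAECONNRESET on Windows

    if not connected:
        stage = "tcp_failed"                 # never reached the listener
    elif bytes_read == 0:
        stage = "no_tls_reply"               # TCP opened, nothing came back after ClientHello
    elif cipher is None:
        stage = "handshake_failed"           # peer answered but no cipher was agreed
    elif verify_code == 0:
        stage = "encrypted_verified"
    else:
        stage = "encrypted_cert_unverified"  # e.g. code 18, self-signed certificate
    return {"stage": stage, "bytes_read": bytes_read, "cipher": cipher,
            "verify_code": verify_code, "socket_errno": socket_errno}

if __name__ == "__main__":
    for name, text in (("localhost", LOCAL_RUN), ("remote", REMOTE_RUN)):
        print(name, triage(text))
```

A `no_tls_reply` result points at the network path or the listener rather than at the certificate or key files, since the same files completed a handshake in the `encrypted_cert_unverified` run.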
