Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 2

Displaying posts with tag: ssl-key (reset)

SSL-related MySQL Bug #62743 Fixed Recently
+1 Vote Up -0Vote Down

I was very pleased to see that the SSL-related MySQL Bug #62743 was just fixed.

Here is the bug for reference:

http://bugs.mysql.com/bug.php?id=62743

In essence, the –ssl-key value was not validated, thus anything could have been specified there.

Your connection would have still been SSL encrypted, which was good at least, but your SSL Key would not have made any difference.

This fix will be included in versions 5.1.66, 5.5.28, 5.6.7, 5.7.0.

For reference, here is the entry that will go into the changelogs:

“The argument to the –ssl-key option was …

  [Read more...]
MySQL SSL Users: BEWARE This Bug
+1 Vote Up -1Vote Down

If you’re using MySQL and SSL, you might want to glance over this article and give your setup a quick test.

I’ve uncovered an alarming bug in 5.5 where one could gain access to your MySQL instance just knowing the username and password (not having any SSL certificate, key, etc.)!

Of course, I’ve filed a bug about it here:

http://bugs.mysql.com/bug.php?id=62743

It’s been over 4 days now, and not one comment from the MySQL Bug/Dev Team.

So once again, I feel the need to share this bug with the public, in case you are using SSL with 5.5, and think your connections are …

  [Read more...]
Showing entries 1 to 2

Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.