Bug 1232207

Summary: openssl update breaks mysql ssl
Product: Red Hat Enterprise Linux 6 Reporter: Jan Kurik <jkurik>
Component: mysqlAssignee: Jakub Dorňák <jdornak>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: high    
Version: 6.7CC: byte, databases-maint, dukrat, erinn.looneytriggs, hhorak, hkario, howey.vernon, huzaifas, it, jdornak, jherrman, jkurik, ksrot, mdshaikh, ovasik, psklenar, rwilliam, thoger, tlavigne, tmraz, yuhongbao_386
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
With certain versions of OpenSSL, using SSL to log into a MySQL client as root previously failed with a "ERROR 2026 (HY000): SSL connection error" message. This update increases the Diffie-Hellman (DH) key length in MySQL from 512 to 1024 bits, which meets the DH key length requirements for these OpenSSL versions. As a result, SSL can be used as expected in the described scenario.
 Story Points: ---
Clone Of: 1228755 Environment:
Last Closed: 2015-06-22 11:14:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1228755, 1231960, 1272091    
Bug Blocks:    

Description Jan Kurik 2015-06-16 09:45:38 UTC 
This bug has been copied from bug #1228755 and has been proposed
to be backported to 6.6 z-stream (EUS).
Comment 7 errata-xmlrpc 2015-06-22 11:14:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1129.html
Comment 12 Yuhong Bao 2015-08-02 06:33:43 UTC 
Why is this a RHBA and not a RHSA?
Comment 13 Yuhong Bao 2015-08-02 06:56:14 UTC 
Especially as the 512-bit DH group is hardcoded making it trivial to break each connection once the initial work is done.
Comment 14 Martin Prpič 2015-08-05 08:26:02 UTC 
(In reply to Yuhong Bao from comment #12)
> Why is this a RHBA and not a RHSA?

Hi, CVE-2015-4000 (aka Logjam) was assigned by MITRE specifically as a TLS weakness which can lead to the use of export grade ciphers. No other CVEs were assigned. The 512-bit issue can be considered a weakness, that could be exploited only if the prime we shipped was broken. Nevertheless, this issue is not covered under CVE-2015-4000. Since no CVE was assigned for this specific issue, we released the advisory as an RHBA.
Comment 15 Huzaifa S. Sidhpurwala 2015-08-05 08:35:43 UTC 
(In reply to Martin Prpic from comment #14)
> (In reply to Yuhong Bao from comment #12)
> > Why is this a RHBA and not a RHSA?
> 
> Hi, CVE-2015-4000 (aka Logjam) was assigned by MITRE specifically as a TLS
> weakness which can lead to the use of export grade ciphers. No other CVEs
> were assigned. The 512-bit issue can be considered a weakness, that could be
> exploited only if the prime we shipped was broken. Nevertheless, this issue
> is not covered under CVE-2015-4000. Since no CVE was assigned for this
> specific issue, we released the advisory as an RHBA.

To further elaborate. Though 512 bit primes are known as unsafe and can be broken (with computation), this isnt really a vuln. but more of a security hardening.
Comment 16 Yuhong Bao 2015-08-07 04:40:32 UTC 
(In reply to Huzaifa S. Sidhpurwala from comment #15)
> (In reply to Martin Prpic from comment #14)
> > (In reply to Yuhong Bao from comment #12)
> > > Why is this a RHBA and not a RHSA?
> > 
> > Hi, CVE-2015-4000 (aka Logjam) was assigned by MITRE specifically as a TLS
> > weakness which can lead to the use of export grade ciphers. No other CVEs
> > were assigned. The 512-bit issue can be considered a weakness, that could be
> > exploited only if the prime we shipped was broken. Nevertheless, this issue
> > is not covered under CVE-2015-4000. Since no CVE was assigned for this
> > specific issue, we released the advisory as an RHBA.
> 
> To further elaborate. Though 512 bit primes are known as unsafe and can be
> broken (with computation), this isnt really a vuln. but more of a security
> hardening.

The 512-bit prime has to be broken only once, then it takes much less computation to break individual connections and reveal the encryption keys.