summaryrefslogtreecommitdiffstats
path: root/mysql-test/main/openssl_6975.test
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 18:00:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 18:00:34 +0000
commit3f619478f796eddbba6e39502fe941b285dd97b1 (patch)
treee2c7b5777f728320e5b5542b6213fd3591ba51e2 /mysql-test/main/openssl_6975.test
parentInitial commit. (diff)
downloadmariadb-3f619478f796eddbba6e39502fe941b285dd97b1.tar.xz
mariadb-3f619478f796eddbba6e39502fe941b285dd97b1.zip
Adding upstream version 1:10.11.6.upstream/1%10.11.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'mysql-test/main/openssl_6975.test')
-rw-r--r--mysql-test/main/openssl_6975.test43
1 files changed, 43 insertions, 0 deletions
diff --git a/mysql-test/main/openssl_6975.test b/mysql-test/main/openssl_6975.test
new file mode 100644
index 00000000..bfcb0d56
--- /dev/null
+++ b/mysql-test/main/openssl_6975.test
@@ -0,0 +1,43 @@
+#
+# MDEV-6975 Implement TLS protocol
+#
+# test SSLv3 and TLSv1.2 ciphers when OpenSSL is restricted to SSLv3 or TLSv1.2
+#
+source include/have_ssl_communication.inc;
+source include/require_openssl_client.inc;
+
+# this is OpenSSL test.
+
+create user ssl_sslv3@localhost;
+# grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA";
+grant select on test.* to ssl_sslv3@localhost require cipher "AES128-SHA";
+create user ssl_tls12@localhost;
+grant select on test.* to ssl_tls12@localhost require cipher "AES128-SHA256";
+
+let $mysql=$MYSQL --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1;
+
+disable_abort_on_error;
+echo TLS1.2 ciphers: user is ok with any cipher;
+exec $mysql --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
+--replace_result DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384
+exec $mysql --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
+echo TLS1.2 ciphers: user requires SSLv3 cipher AES128-SHA;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
+echo TLS1.2 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=AES128-SHA256;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.2 --ssl-cipher=TLSv1.2;
+
+echo SSLv3 ciphers: user is ok with any cipher;
+exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES256-SHA;
+exec $mysql --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
+echo SSLv3 ciphers: user requires SSLv3 cipher AES128-SHA;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA;
+exec $mysql --user ssl_sslv3 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
+echo SSLv3 ciphers: user requires TLSv1.2 cipher AES128-SHA256;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=AES128-SHA;
+exec $mysql --user ssl_tls12 --tls-version=TLSv1.0,TLSv1.1,TLSv1.2 --ssl-cipher=SSLv3;
+
+drop user ssl_sslv3@localhost;
+drop user ssl_tls12@localhost;
+