Hello,
I want to use MySQL server with SSL support. Although I am selecting SSL option while installing MySQL server port, it doesn't support SSL. Here's the mysql output:
Then I've added this line to /etc/make.conf
When I try to compile MySQL, it gives this security error:
This setup is for remote MySQL replication over internet and I want to enable SSL for secutiy matters. What can you suggest for me to install MySQL with SSL enabled? Is it secure to install it anyway with DISABLE_VULNERABILITIES=yes option?
Thanks for your help.
I want to use MySQL server with SSL support. Although I am selecting SSL option while installing MySQL server port, it doesn't support SSL. Here's the mysql output:
Code:
mysql> show global variables like 'have_%ssl';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
+---------------+----------+
2 rows in set (0.02 sec)
Then I've added this line to /etc/make.conf
Code:
DEFAULT_VERSIONS+=ssl=openssl
When I try to compile MySQL, it gives this security error:
Code:
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/databases/mysql55-server
*** Error code 1
Stop.
make: stopped in /usr/ports/databases/mysql55-server
===>>> make build failed for databases/mysql55-server
===>>> Aborting update
===>>> Update for mysql55-server-5.5.49 failed
===>>> Aborting update
===>>> There are messages from installed ports to display,
but first take a moment to review the error messages
above. Then press Enter when ready to proceed. ^[[23~
===>>> pkg-message for mysql55-client-5.5.49
Always:
* * * * * * * * * * * * * * * * * * * * * * * *
Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:
http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html
Although this database client is not listed as
"affected", it is vulnerable and will not be
receiving a patch. Please take note of this when
deploying this software.
* * * * * * * * * * * * * * * * * * * * * * * *
This setup is for remote MySQL replication over internet and I want to enable SSL for secutiy matters. What can you suggest for me to install MySQL with SSL enabled? Is it secure to install it anyway with DISABLE_VULNERABILITIES=yes option?
Thanks for your help.