Bug#26482173: TLS CIPHER NEGOTIATION INCORRECTLY MATCHES ON

              LAST BYTE ONLY (YASSL)


Description:- TLS cipher negociation happens incorrectly
leading to the use of a different

Analysis:- YaSSL based MySQL server will compare only the
last byte of each cipher sent in the Client Hello message.
This can cause TLS connections to fail, due to the server
picking a cipher which the client doesn't actually support.

Fix:- A fix for detecting cipher suites with non leading
zeros is included as YaSSL only supports cipher suites with
leading zeros.

1 files changed, 8 insertions, 0 deletions

diff --git a/extra/yassl/README b/extra/yassl/README
index a3d4f60f561..de1bf5132aa 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,14 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.4.4 (8/8/2017)
+    This release of yaSSL fixes an interop issue. A fix for detecting cipher
+    suites with non leading zeros is included as yaSSL only supports cipher
+    suites with leading zeros.  Thanks for the report from Security Innovation
+    and Oracle.
+
+    Users interoping with other SSL stacks should update.
+
 yaSSL Release notes, version 2.4.2 (9/22/2016)
     This release of yaSSL fixes a medium security vulnerability. A fix for
     potential AES side channel leaks is included that a local user monitoring