Page 1 of 1

MySQL 8.x uses TLSv1.2 as default for hMailserver 5.6.7 (Official/Stable)

Posted: 2018-12-15 18:48
by Dravion
Using the latest libmysql.dll version (5.6.7 32-Bit) which is required for hMailServer Installation for MySQL 8.x
connects in version 5.7.24 by default with TLSv1.2 with a preconfigured SSL Server cert

See: "2018-12-15T16:19:18.638262Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed." in the Error log.

#From MySQL 8.x general log
C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe, Version: 8.0.11 (MySQL Community Server - GPL). started with:
TCP Port: 3306, Named Pipe: (null)
Time Id Command Argument
2018-12-15T16:19:18.838638Z 7 Connect
2018-12-15T16:19:18.839101Z 7 Query SELECT @@skip_networking, @@skip_name_resolve, @@have_ssl='YES', @@ssl_key, @@ssl_ca, @@ssl_capath, @@ssl_cert, @@ssl_cipher, @@ssl_crl, @@ssl_crlpath, @@tls_version
2018-12-15T16:19:18.842764Z 7 Quit
2018-12-15T16:20:16.967091Z 8 Connect hmsusr@localhost on hmailserver using SSL/TLS

#Settingsinfo about used Cyphers and TLS Protocol by MySQL 8

mysql> SHOW SESSION STATUS LIKE 'Ssl_version';
+---------------+---------+
| Variable_name | Value |
+---------------+---------+
| Ssl_version | TLSv1.2 |
+---------------+---------+
1 row in set (0.14 sec)

mysql> SHOW SESSION STATUS LIKE 'Ssl_cipher';
+---------------+---------------------------+
| Variable_name | Value |
+---------------+---------------------------+
| Ssl_cipher | DHE-RSA-AES128-GCM-SHA256 |
+---------------+---------------------------+
1 row in set (0.00 sec)

So, at least using MySQL 8.x leads automatically in activating TLSv1.2 for hMailServer official.