I have disabled SSL3 on my web server to combat the Poodle Vulnerability and now I am unable to connect to my SQL server using SQL Authentication. I just get "Connection forcibly closed by remote host" messages. Can anyone offer any advice? Are there config changes needed on SQL?
2 Answers
1
EDIT 2015-06-19: My initial answer was wrong. See comments for context.
Old (wrong) version of this answer (preserved for context):
Check if your SQL server actually accepts any encryption above SSL3:
- Run the connection client
- Find out what server port it is connecting to.
- Check with OpenSSL's s_client if TLS is supported:
openssl s_client -connect Mysqlserver:myserverport -ssl3
openssl s_client -connect Mysqlserver:myserverport -tls1
openssl s_client -connect Mysqlserver:myserverport -tls1_1
openssl s_client -connect Mysqlserver:myserverport -tls1_2
StackzOfZtuff
- 2,045
0
If you disabled SSL_3 by removing ciphers, you have likely also disabled TLS1 and TLS1_1. This leaves TLS1_2, which is not yet supported by all applications.
As I documented in my post on Disabling SSLv3 to block Poodle, you can block SSL3 in Apache with the configuration line:
SSLProtocol all -SSLv3
As suggested by StackzOfZtuff, test connectivity with SSL3 and TLS after disabling SSL3.
BillThor
- 28,293
- 3
- 39
- 70
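Why excluding SSLv3-tagged cipher suites also breaks TLS 1.0 and 1.1, as an added example that is not part of either answer: the suites those versions negotiate are the ones older OpenSSL builds label SSLv3, while AEAD and SHA-256 suites need TLS 1.2. The cipher listing is a constructed sample in the `openssl ciphers -v` format, and the function names are illustrative.

```python
# Constructed sample in the format of `openssl ciphers -v` from an older
# OpenSSL build: column 2 is the minimum protocol version OpenSSL assigns
# to the suite.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128)    Mac=SHA256
ECDHE-RSA-AES256-SHA        SSLv3   Kx=ECDH Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
"""

# Protocol versions, oldest first; a suite is usable by the version it is
# tagged with and by every later one.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse(listing):
    """Return [(suite_name, min_protocol)] from `openssl ciphers -v` text."""
    suites = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in ORDER:
            suites.append((fields[0], fields[1]))
    return suites


def usable(suites):
    """Map each protocol version to the suites it can still negotiate."""
    return {
        proto: [name for name, minimum in suites
                if ORDER.index(minimum) <= ORDER.index(proto)]
        for proto in ORDER
    }


def drop_sslv3_suites(suites):
    """Model of the mistake: excluding suites tagged SSLv3 (e.g. `!SSLv3`)."""
    return [(name, minimum) for name, minimum in suites if minimum != "SSLv3"]


def dead_protocols(suites):
    """Protocol versions left with no suite, so no handshake can complete."""
    return [proto for proto, names in usable(suites).items() if not names]


if __name__ == "__main__":
    all_suites = parse(SAMPLE)
    print("before:", dead_protocols(all_suites))
    print("after :", dead_protocols(drop_sslv3_suites(all_suites)))
```

Disabling the protocol itself, as `SSLProtocol all -SSLv3` does, leaves the suite list untouched, so TLS 1.0 and 1.1 clients keep working.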