Ensure TLSv1 for SSL connections.

Changed default SSL mode to Preferred in connection string. Now the server connections will be using SSL if server allows it by default but it's possible to override this configuration.

Author: Roberto E. Garcia

CHANGES

@@ -1,3 +1,7 @@
+6.7.8
+ - Changed default SSL mode to Preferred in connection string. Now the server connections will be using SSL if server allows it by default but it's possible to override this configuration.
+
+
 6.7.7
 - Fix for Exception "The given key was not present in the dictionary" when using utf16le charset in a query. (MySql #72737, Oracle Bug #19355906)
 - Fix for Memory leak in a loop opening a connection to the database and executing a command (MySql Bug #73122, Oracle Bug #19467233).

Source/MySql.Data/MySqlConnectionStringBuilder.cs

@@ -1,4 +1,4 @@
-// Copyright © 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+// Copyright © 2013, 2015, Oracle and/or its affiliates. All rights reserved.
 //
 // MySQL Connector/NET is licensed under the terms of the GPLv2
 // <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most 
@@ -185,7 +185,7 @@ static MySqlConnectionStringBuilder()
       options.Add(new MySqlConnectionStringOption("blobasutf8includepattern", null, typeof(string), "", false));
       options.Add(new MySqlConnectionStringOption("blobasutf8excludepattern", null, typeof(string), "", false));
 #if !CF
-      options.Add(new MySqlConnectionStringOption("sslmode", "ssl mode", typeof(MySqlSslMode), MySqlSslMode.None, false));
+      options.Add(new MySqlConnectionStringOption("sslmode", "ssl mode", typeof(MySqlSslMode), MySqlSslMode.Preferred, false));
 #endif
     }
 

Source/MySql.Data/NativeDriver.cs

@@ -376,7 +376,7 @@ private void StartSSL()
           new RemoteCertificateValidationCallback(ServerCheckValidation);
       SslStream ss = new SslStream(baseStream, true, sslValidateCallback, null);
       X509CertificateCollection certs = GetClientCertificates();
-      ss.AuthenticateAsClient(Settings.Server, certs, SslProtocols.Default, false);
+      ss.AuthenticateAsClient(Settings.Server, certs, SslProtocols.Tls, false);
       baseStream = ss;
       stream = new MySqlStream(ss, Encoding, false);
       stream.SequenceByte = 2;

Tests/MySql.Data.Tests/MySqlConnectionTests.cs

@@ -1,4 +1,4 @@
-// Copyright © 2013 Oracle and/or its affiliates. All rights reserved.
+// Copyright © 2013, 2015 Oracle and/or its affiliates. All rights reserved.
 //
 // MySQL Connector/NET is licensed under the terms of the GPLv2
 // <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most 
@@ -1205,5 +1205,38 @@ public void TestNonSupportedOptions()
           Assert.Equal(ConnectionState.Open, c.State);
         }
       }
+
+    [Fact]
+    public void SslPreferredByDefault()
+    {
+      string connectionString = st.GetConnectionString(true);
+      Assert.DoesNotContain("ssl", connectionString, StringComparison.OrdinalIgnoreCase);
+      using (MySqlConnection connection = new MySqlConnection(connectionString))
+      {
+        connection.Open();
+        MySqlCommand command = new MySqlCommand("SHOW SESSION STATUS LIKE 'Ssl_version';", connection);
+        using (MySqlDataReader reader = command.ExecuteReader())
+        {
+          Assert.True(reader.Read());
+          Assert.Equal("TLSv1", reader.GetString(1));
+        }
+      }
+    }
+
+    [Fact]
+    public void SslOverrided()
+    {
+      string connectionString = st.GetConnectionString(true) + ";Ssl mode=None";
+      using (MySqlConnection connection = new MySqlConnection(connectionString))
+      {
+        connection.Open();
+        MySqlCommand command = new MySqlCommand("SHOW SESSION STATUS LIKE 'Ssl_version';", connection);
+        using (MySqlDataReader reader = command.ExecuteReader())
+        {
+          Assert.True(reader.Read());
+          Assert.Equal(string.Empty, reader.GetString(1));
+        }
+      }
+    }
   }
 }