4 files changed, 41 insertions, 5 deletions

diff --git a/mysql-test/main/MDEV-26049.result b/mysql-test/main/MDEV-26049.result
new file mode 100644
index 00000000000..a8d738f453f
--- /dev/null
+++ b/mysql-test/main/MDEV-26049.result
@@ -0,0 +1,10 @@
+TRUE_EXPECTED
+1
+TRUE_EXPECTED
+1
+FALSE_EXPECTED
+0
+TRUE_EXPECTED
+1
+FALSE_EXPECTED
+0
diff --git a/mysql-test/main/MDEV-26049.test b/mysql-test/main/MDEV-26049.test
new file mode 100644
index 00000000000..d68da6c794c
--- /dev/null
+++ b/mysql-test/main/MDEV-26049.test
@@ -0,0 +1,26 @@
+# Tests for SSL connections, only run if mysqld is compiled
+# with support for SSL.
+
+-- source include/have_ssl_communication.inc
+
+# Make sure WolfSSL doesn't return  cipher in use only for ssl_cipher_list. 
+# ssl_cipher_list shouldn't be empty for non secure connections.
+--exec $MYSQL  -e"select count(*) AS TRUE_EXPECTED from information_schema.session_status  where variable_name = 'SSL_CIPHER_LIST' and locate(':', variable_value) > 0"
+
+
+# Note: WolfSSL does support SSL_get_shared_ciphers via OpenSSL compatibility layer, however 
+# it returns only the cipher in use. Therefore we bypass when testing against WolfSSL by checking
+# if there is only one cipher suite returned (locate(':', variable_value) = 0)
+
+# check shared ciphers for TLSv1.1: They should contain a valid cipher <= TLSc1.1, but no TLSv1.2 ciphers
+--exec $MYSQL --ssl --tls_version=TLSv1.1 -e "SELECT count(*) as TRUE_EXPECTED  from information_schema.session_status where variable_name='SSL_SHARED_CIPHERS' and (locate('AES256-SHA', variable_value) > 0 OR /* WolfSSL */ locate(':', variable_value)=0)"
+
+# check that a TLSv1.2 cipher isn't in list of TLSv1 ciphers
+--exec $MYSQL --ssl --tls_version=TLSv1.1 -e "SELECT count(*) AS FALSE_EXPECTED from information_schema.session_status where variable_name='SSL_SHARED_CIPHERS' and locate('AES256-SHA256', variable_value) > 0"
+
+# check that TLSv1.2 contain AES256-SHA256 (TLSv1.2 cipher)
+--exec $MYSQL --ssl --tls_version=TLSv1.2 -e "SELECT count(*) AS TRUE_EXPECTED from information_schema.session_status where variable_name='SSL_SHARED_CIPHERS' and (locate('AES256-SHA256', variable_value) > 0 OR /* WolfSSL */ locate(':', variable_value)=0)"
+
+# check that TLSv1.2 contains no TLSv1.3 cipher
+--exec $MYSQL --ssl --tls_version=TLSv1.2 -e "SELECT count(*) AS FALSE_EXPECTED from information_schema.session_status where variable_name='SSL_SHARED_CIPHERS' and locate('TLS_AES_256_GCM_SHA384', variable_value) > 0"
+
diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result
index 930d384eda9..2728014b219 100644
--- a/mysql-test/main/ssl_cipher.result
+++ b/mysql-test/main/ssl_cipher.result
@@ -61,7 +61,7 @@ connect  ssl_con,localhost,root,,,,,SSL;
 SHOW STATUS LIKE 'Ssl_cipher';
 Variable_name	Value
 Ssl_cipher	AES128-SHA
-SHOW STATUS LIKE 'Ssl_cipher_list';
+SELECT 'Ssl_cipher_list' as Variable_name, 'AES128-SHA' as Value from information_schema.session_status where variable_name='SSL_CIPHER_LIST' and locate('AES128-SHA', variable_value) > 0;
 Variable_name	Value
 Ssl_cipher_list	AES128-SHA
 disconnect ssl_con;
diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test
index 36549d76d02..f9385e21c85 100644
--- a/mysql-test/main/ssl_cipher.test
+++ b/mysql-test/main/ssl_cipher.test
@@ -4,9 +4,9 @@
 #
 --source include/have_ssl_communication.inc
 
-if (`select @@version_ssl_library like 'OpenSSL 1.1.1%'`) {
-  skip OpenSSL 1.1.1;
-}
+#if (`select @@version_ssl_library like 'OpenSSL 1.1.1%'`) {
+#  skip OpenSSL 1.1.1;
+#}
 
 create user ssl_user1@localhost require SSL;
 create user ssl_user2@localhost require cipher 'AES256-SHA';
@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA;
 source include/restart_mysqld.inc;
 connect (ssl_con,localhost,root,,,,,SSL);
 SHOW STATUS LIKE 'Ssl_cipher';
-SHOW STATUS LIKE 'Ssl_cipher_list';
+SELECT 'Ssl_cipher_list' as Variable_name, 'AES128-SHA' as Value from information_schema.session_status where variable_name='SSL_CIPHER_LIST' and locate('AES128-SHA', variable_value) > 0;
 disconnect ssl_con;
 connection default;