![]() ![]() com/doc/ refman/ 5.7/en/ connection- options. I don't see a way out here which does not compromise on security. I understand the situation is not optimal, but having new security standards requires deprecating the old ones at some point, and when servers and clients are too much out of sync problems arise. There has to be some level of enforcement. In this case it is not possible to simply make the client fallback to a non-encrypted connection if SSL is available but the connection fails, as this mechanism would allow for an easy downgrade attack. IIUC things do not work nicely as the client/server SSL versions are not compatible. PREFERRED: Establish an encrypted connection if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established. The default is -ssl-mode= PREFERRED, so the SSL connection is not forced, but if the server offers it then the client will use it : com/questions/ 1233186/ ubuntu- 20-04-how- to-set- lower-ssl- security- level com/questions/ 1233186/ ubuntu- 20-04-how- to-set- lower-ssl- security- levelhttps: //askubuntu. com/AmazonRDS/ latest/ AuroraUserGuide /AuroraMySQL. However I won't set the status of this bug to Invalid before hearing back from you, so Incomplete it is for the moment. I don't think this qualifies as an MySQL bug: the issue is with OpenSSL, but it isn't to be reported there as the change has been already widely discussed in both Debian and Ubuntu. I think you can downgrade the minimum OpenSSL requirements for TLS connections as outlined in, however I discourage this for the reasons you can easily imagine. Aurora MySQL 5.7 supports TLS version 1.0, 1.1, and 1.2.Īnd an upgrade path is documented. Aurora MySQL 5.6 supports Transport Layer Security (TLS) version 1.0. System, and then change the bug status back to "New".įor local configuration issues, you can find assistance here:Ĭurrent pager: /home/rafaeldtinoco/.vim/plugged/vimpager/vimpager Provide a more complete description of the problem, explain why youīelieve this is a bug in Ubuntu rather than a problem specific to your Since there is not enough information in your report to begin triage or toĭifferentiate between a local configuration problem and a bug in Ubuntu, IĪm marking this bug as "Incomplete". Could you please provide, together with your report, all your mysql configuration files ? The fact that your mysql client is trying to reach the server using SSL by default gives the impression that my.cnf (or any other included configuration file) is configuring that behavior. Mysql Ver 8.0.19-0ubuntu5 for Linux on x86_64 ((Ubuntu))Ĭurrent pager: /home/rafaeldti noco/.vim/ plugged/ vimpager/ vimpager Thank you for taking the time to file a bug report.Ĭould you please describe your problem with more detailed information ? mysql-server-8.0 default installation in 20.04 does NOT enable SSL by default, in the server, nor in the client: UpgradeStatus: No upgrade log present (probably fresh install) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Beta amd64 (20200409) InstallationDate: Installed on (0 days ago) I tested 16.04, 18.04, 19.10, and I can connect using mysql in all of them. Older versions of Ubuntu don't present this issue. Server version: 5.6.10-log MySQL Community Server (GPL)Īlternative solution: Using instead mariadb-client works without problems. Only way mysql command line works is to add -ssl-mode=DISABLED ![]() I get the same error from C++ scripts using MySQL Connector++. # ERR: SSL connection error: error:1425F102:SSL routines: ssl_choose_ client_ version: unsupported protocol (MySQL error code: 2026, SQLState: HY000 ) I get this error from command line when trying to connect to a remote server: Description: Ubuntu Focal Fossa (development branch) ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |