mysql client ssl connection failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



The problem and solution is posted here for posterity.

On a production CentOS 5.11 system, I recently had a cron job
that started failing.  One of the thing that the cron job does
is connect to a MySQL server via TCP using SSL.

Debugging things got me to the point where invoking the mysql
client would result in:

% mysql
ERROR 2026 (HY000): SSL connection error

(Not exactly informative.)  Given that there have been recent openssl
updates, I figured the problem was there, however the lack of any
decent debug output from mysql/openssl made it hard to figure out.
After going down a few false starts, including looking at the SSL
certificate and root CA, I found this:

 <https://github.com/iuscommunity-pkg/mysql55/issues/4>

It turns out that the default cipher for the mysql client is
hardcoded, and the one specified is no longer supported in the
server.  The solution is to add to /etc/my.cnf (or ~/.my.cnf)
the following (or the equivalent for your preferred cipher) to
the client section(s):

 ssl-cipher=AES128-SHA


Devin

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux