Question
I've recently upgraded my local machine OS from Ubuntu 18.04 to 20.04. I'm running my MySQL server on CentOS (AWS). Post upgrade, whenever I try to connect to the MySQL server, it throws an SSL connection error.
$ mysql -u yamcha -h database.yourproject.com -p --port 3309
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
But if I pass the --ssl-mode=disabled option along with it, I'm able to connect remotely.
$ mysql -u yamcha -h database.yourproject.com -p --port 3309 --ssl-mode=disabled
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22158946
Server version: 5.7.26 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Queries:
- How to connect without passing --ssl-mode=disabled?
- How to pass this --ssl-mode=disabled option in my Django application? Currently I've defined it as shown below, but I'm still getting the same error.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'yamcha',
        'USER': 'yamcha',
        'PASSWORD': 'xxxxxxxxxxxxxxx',
        'HOST': 'database.yourproject.com',
        'PORT': '3309',
        'OPTIONS': {'ssl': False},
    }
}
Answer 1:
Ubuntu 20 has improved the security level. The only way I could connect was allowing TLS 1.
Edit this file:
/usr/lib/ssl/openssl.cnf
And put at the beginning of file:
openssl_conf = default_conf
And in the end of that file too:
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
This helped me a lot: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
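An added example (not from the answer above and not OpenSSL's own code): a small Python audit that follows the openssl_conf -> ssl_conf -> system_default chain shown in that snippet and reports when the system-wide TLS floor sits below a policy. The sample config is constructed from the answer's lines; the function names and the policy thresholds (TLSv1.2, security level 2) are assumptions.

```python
import re

# Constructed sample: the openssl.cnf lines from the answer above, nothing else.
SAMPLE_CNF = """\
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
"""

PROTOCOL_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

def parse_cnf(text):
    """Parse openssl.cnf text into {section: {key: value}}; '' is the unnamed top section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)  # accepts "[ name ]" and "[name]"
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default; return that section ({} if unset)."""
    name = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
    return sections.get(name, {})

def audit(text, floor="TLSv1.2", min_seclevel=2):
    """Return findings when the system-wide defaults fall below the (assumed) policy."""
    cfg, findings = system_default(parse_cnf(text)), []
    proto = cfg.get("MinProtocol")
    if proto and PROTOCOL_RANK.get(proto, -1) < PROTOCOL_RANK[floor]:
        findings.append(f"MinProtocol={proto} is below {floor}")
    level = re.search(r"@SECLEVEL=(\d)", cfg.get("CipherString", ""))
    if level and int(level.group(1)) < min_seclevel:
        findings.append(f"SECLEVEL={level.group(1)} is below {min_seclevel}")
    return findings
```

Calling `audit(open('/usr/lib/ssl/openssl.cnf').read())` on a host shows whether this workaround is in effect for every OpenSSL client on the machine, not just mysql.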
Answer 2:
Add this to your MySQL 5.7 server config file and then restart your MySQL service:
[mysqld]
tls_version=TLSv1.2
Now you should be able to connect to it using TLS 1.2, which is the default in Ubuntu 20.04.
Answer 3:
Bump mysqlclient to v2.X, which added the ssl_mode option: https://github.com/PyMySQL/mysqlclient-python/blob/master/HISTORY.rst
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'yamcha',
        'USER': 'yamcha',
        'PASSWORD': 'xxxxxxxxxxxxxxx',
        'HOST': 'database.yourproject.com',
        'PORT': '3309',
        'OPTIONS': {'ssl_mode': 'DISABLED'},
    }
}
Answer 4:
For anyone googling, you can use this flag in mysql cmd: --ssl-mode=DISABLED. I.e.:
mysql -uuser -p'myPassw0rd!' -hmysql.company.com --ssl-mode=DISABLED
Source: https://stackoverflow.com/questions/61649764/mysql-error-2026-ssl-connection-error-ubuntu-20-04