Hi,
As explained by Robie, Lars and me in the comments above this is not a
bug, but an intentional bump in the OpenSSL minimal protocol
requirements for secure connections. For this reason I marked the
mysql-8.0 task as Invalid.
We understand there are cases where a downgrade may be necessary, fo
I found this answer very useful: https://askubuntu.com/a/1250807
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
To manage notificatio
This is still an issue. I use AWS. I upgraded from 18.04 to 20.04 and
got not supported errors for SSL using MySQL workbench. I did fix my
issue by upgrading my DB from 5.6.21 to 5.6.46. TLS 1.0 is supported on
all versions. TLS 1.1 and 1.2 is ONLY supported on 5.6.41 and up. Same
applies to the 5.
I was able to work around this by reinstalling the latest OpenSSL libs
from source on Ubuntu 20.04 (which was not ideal - but it worked).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
I can confirm this behavior with 20.04 (mysql-client
8.0.20-0ubuntu0.20.04.1) connecting to MySQL-Server (5.7.22-1.el7) on
CentOS Linux release 7.5.1804 (Core). The MySQL connection worked before
the dist-upgrade from 18.04 to 20.04, the CentOS MySQL-Server was not
changed at all.
--
You received
Turns out I was NOT using PyMysql ... Ansible fell back to a different
database library that was not honoring the lack of ssl. Using PyMysql,
`ssl_mode=DISABLED` works.Also, rails database config needs to add
`ssl_mode: disabled` to connect without SSL.
--
You received this bug notificati
Hi,
Rafael's suggestion (comment 27) may help in your case too, however
according to [1] Amazon RDS supports TLS 1.2, so I'd check if anything
has to be enabled or upgraded on the server side to make it work.
[1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide
/infrastructure-security.html
I'm seeing this using a new Ubuntu 20.04 server trying to connect to AWS
RDS instance where I have never needed or used SSL before. Using ssl-
mode=DISABLED works to get the command line mysql to work, but ansible
mysql_db using PyMySQL seems to not honor that.
--
You received this bug notifi
just checking, you're trying to:
OPENSSL_CONF=~/.openssl.cnf
and getting the error ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
@rafaeldtinoco, I tried that but nothing changed:
Now If I do:
OPENSSL_CONF=~/.openssl.cnf openssl ciphers -tls1 -s
I get:
ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-
ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-
AES128-SHA:AES256-SHA:AES128-SHA
However when I try to
@qlands, for those type of cases, can't you do something like:
OPENSSL_CONF= binary
to those binaries linked to libssl 1.1.1f- ?
Example:
$ openssl ciphers -tls1 -s
but...
$ OPENSSL_CONF=~/.openssl.cnf openssl ciphers -tls1 -s
ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-
Other problems with --ssl-mode=PREFERRE by default happens with third-
party libraries like Qt. For example, the current version of QMYSQL does
not allow to change the SSL mode because it assumes --ssl-mode=DISABLED
by default or to indicate the SSL parameters for an SSL connection.
Therefore, Qt
Hi,
The default is --ssl-mode=PREFERRED, so the SSL connection is not
forced, but if the server offers it then the client will use it [1]:
PREFERRED: Establish an encrypted connection if the server supports
encrypted connections, falling back to an unencrypted connection if an
encrypted connectio
I am also facing the same issue when exporting data from AWS MySQL
instance using the workbench. Data export works for one version of MySQL
(5.7.22) but not for the other(5.7.19) version. I am able to view data
and export individual table data but not the whole database at once.
MySQL workbench ver
Sorry, I am connecting over SSH not SSL.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
To manage notifications about this bug go to:
Even with a compatible MySQL version, the client should not try to force
an SSL connection when it is not requested.
For now, --ssl-mode=DISABLED is required, so this is IMO, a confirmed
bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
Hi, according to [1]:
- Aurora MySQL 5.6 supports Transport Layer Security (TLS) version 1.0.
- Aurora MySQL 5.7 supports TLS version 1.0, 1.1, and 1.2.
and an upgrade path is documented [2]. I think you can downgrade the
minimum OpenSSL requirements for TLS connections as outlined in [3],
howev
Sorry `--ssl-mode=DISABLED` works for mysqldump as well.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
To manage notifications abou
I have the same issue with mysqldump when using port forwarding over
ssh.
mysqldump: Got error: 2026: SSL connection error: error:1425F102:SSL
routines:ssl_choose_client_version:unsupported protocol when trying to connect
Unfortunately I couldn't figure out a workaround hence `--ssl-mode=DISAB
So this is a real problem for anyone trying to talk to a server over
which they have no control.
I get this error message when running fetchmail to (try to, but fail to)
download mail from an IMAP server. In 19.10 it worked.
Making 1.2 the minimum default is OK, but there has to be some simple
wa
The problem with using ssl is that you are using a client (openssl 1.1
.1f-based) that will not speak anything older than TLS 1.2, trying to
connect to a server that can only speak TLS 1.1.
>From 1.1.1f-1ubuntu1 changelog entry
>(https://launchpad.net/ubuntu/+source/openssl/+changelog):
- Set
Another workaround not to require adding the --ssl-mode parameter to
MySQL command line:
Create a file ~/.my.cnf
With contents:
[client]
ssl_mode=DISABLED
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bu
In case I do actually want to use certificates and SSL, the error when
connecting to Aurora DB is a bit different:
In C++:
# ERR: SQLException in query: [] on line 0
# ERR: SSL connection error: error:1425F102:SSL
routines:ssl_choose_client_version:unsupported protocol (MySQL error code:
2026,
I found a workaround for C++ when I don't want to use certificates:
sql::Driver *driver;
sql::ConnectOptionsMap connection_properties;
sql::Connection *con;
connection_properties["hostName"] = host;
connection_properties["userName"] = username;
conn
This also fits with seeing the same problem for a 5.7.21 server, which was also
built with yaSSL.
Could you test updating your docker image server to the newest 5.7 and see if
that fixes it?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
Mariadb client is built with gnutls, I believe.
I was able to reproduce this now. If you install an older mysql server
from before 5.6 also used openssl (5.6.44 in my case), then enable ssl
on the server, you get the error reported when trying to connect to it
from Ubuntu 20.04 8.0 client. The use
I have the same issue, and for me it *does* work if I use `--ssl-
mode=DISABLED` to connect.
This is using the mysql-client installed through apt in Ubuntu 20.04
beta (mysql-client 8.0.19-0ubuntu4), and connecting to a MySQL Server
version 5.7.21 running in docker on the same machine.
I get the s
ssl-mode should default to a mode that tries to autodetect server
support, with automatic fallback to disabled(PREFERRED, per
https://dev.mysql.com/doc/refman/8.0/en/connection-options.html
#option_general_ssl-mode), but I'm not sure if that works properly with
the Aurora server.
Have you looked a
To confirm, the MySQL client in Focal *does* work if you use "--ssl-
mode=DISABLED"?
If so, this seems appropriate to me since otherwise there would be a
downgrade attack. I'm not sure this is a bug in MySQL or Ubuntu's MySQL
packaging then - it's a step up in security which is the sort of thing
u
I can't reproduce this with a regular (upstream) 5.6 server; Can run a
5.6 server on a debian 9 host and connect to it fine from a 20.04
running 8.0.
What is the auth type of the user in the mysql.user table?
Does the same thing happen if you create a new user with just a normal password
auth?
I
I'll look into this and get back to you!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
To manage notifications about this bug go to:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mysql-8.0 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
I found another such bug on triage, seems to be a more common issue maybe?
I'll bump priority but leave the SME to Larss/Robie.
** Changed in: mysql-8.0 (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
@Lars/Robie - is there some config that one can apply so the client to
avoid SSL on servers that won't provide it?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to
I am not connecting to Ubuntu 20.04 mysql-server locally, in fact, I
don't have mysql-server installed in the machine.
I am connecting to a remote server that reports this version:
Server version: 5.6.10-log MySQL Community Server (GPL)
It is a server running Aurora AWS. I can't update that serv
Hello Nicolay,
Thank you for taking the time to file a bug report.
Could you please describe your problem with more detailed information ?
mysql-server-8.0 default installation in 20.04 does NOT enable SSL by
default, in the server, nor in the client:
"""
mysql> status;
--
mysql Ver
** Changed in: mysql-8.0 (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872541
Title:
MySQL client fails to connect, seems to force SSL
To manage notification
37 matches
Mail list logo
