Sorry: I have inadvertently tested with a port matching another service (853 instead of 3306), so my previous post must be ignored.
This issue is still there, even on groovy. Let me answer your questions again: 0) with a service answering correctly to TLS connections requests, we get with a wildcard server certificate: ... SSL_connect:SSLv3/TLS write finished --- Certificate chain 0 s:CN = *.domain i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 -----BEGIN CERTIFICATE----- As my first post shows, there is an initial error in the connection preventing openssl to show the CA used or the server certificate: ... SSL_connect:error in error 139858538362176:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331: --- no peer certificate available --- 1) The full SSL configuration (besides the 3 parameters already described in my first post) also includes the following parameters which are IMHO not relevant because his issue still happens if I remove them: ssl-cipher=... tls-version=... require_secure_transport=ON 2) You don't seem to understand this issue. The client don't need special configuration, other than at least one matching cipher and required TLS version if they are specified on the server side. 3)I have already tried that: same issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1890611 Title: Client cannot connect to remote mysql-server when the latter is configured with ssl parameters using a public CA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1890611/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs