MySQL ERROR 2026 - SSL connection error - Ubuntu 20.04
I've recently upgraded my local machine OS from Ubuntu 18.04 to 20.04, I'm running my MySQL-server on CentOS (AWS). Post upgrade whenever I'm trying to connect to MySQL server it is throwing SSL connection error.
$ mysql -u yamcha -h database.yourproject.com -p --port 3309
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
But if I pass --ssl-mode=disabled option along with it, I'm able to connect remotely.
$ mysql -u yamcha -h database.yourproject.com -p --port 3309 --ssl-mode=disabled
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22158946
Server version: 5.7.26 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Queries:
- How to connect without passing
--ssl-mode=disabled- How to pass this
--ssl-mode=disabledoption in my Django application, currently I've defined it as shown below, but I'm still getting the same error.
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'yamcha',
'USER': 'yamcha',
'PASSWORD': 'xxxxxxxxxxxxxxx',
'HOST': 'database.yourproject.com',
'PORT': '3309',
'OPTIONS': {'ssl': False},
}
Answer
Ubuntu 20 has improved the security level. The only way i could connect whas allowing the tls 1 .
Edit this file:
/usr/lib/ssl/openssl.cnf
And put at the beginning of file:
openssl_conf = default_conf
And in the end of that file too:
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
It help me a lot: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level