MySQL 5.1.66 SSL connection error ERROR 2026 (HY000)
Problem
UPDATE2
Using WireShark I found out the problem string (I hope I did):

```
28 | 9.582638 | 192.168.18.128 | 192.168.18.129 | MySQL Response Error 1043
```

And the error is (according to docs):

```
Error: 1043 SQLSTATE: 08S01 (ER_HANDSHAKE_ERROR)
Message: Bad handshake
```

Here are the screenshots of WireShark in two cases:

Connection from Windows 8 (Success):

Connection from CentOS (Fail):

Why does this happen?

UPDATE

One interesting notice:

I have successfully connected with Master DB using Windows 8 (192.168.18.1) by modifying ssluser setting on Master for 192.168.18.1 host - made a change: from REQUIRE SSL to REQUIRE X509. However this doesn't work in our case with slave-to-master connection.

I have faced an SSL replication problem in CentOS-6.3. I am using OpenSSL to create both client and server certificates, and both client and server certificates are signed by the same CA.

Server IP: 192.168.18.128
Slave IP: 192.168.18.129
MySQL version 5.1.66 SSL

All certificates I receive using "Setting Up SSL Certificates and Keys for MySQL" section of MySQL help pages.

Server's my.cnf file:

```
[mysqld]
ssl-key=/etc/mysql/certs/server-key.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-ca=/etc/mysql/certs/ca-cert.pem
```

Client's my.cnf file:

```
[client]
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem
```

On Master I set up the slave user with SSL like this:

```
CREATE USER 'ssluser'@'192.168.18.129' IDENTIFIED BY 'sslpass';
GRANT REPLICATION SLAVE ON *.* TO 'ssluser'@'192.168.18.129' REQUIRE SSL;
```

To update Slave I am using the following command (according to show master status command):

```
SLAVE STOP;
CHANGE MASTER TO \
MASTER_HOST='192.168.18.128', \
MASTER_USER='sslreplicant', \
MASTER_PASSWORD='db.sslreplicantprimary', \
MASTER_LOG_FILE='mysql-bin.000026',
```
Solution
Try making certificate files owned by mysql user and not readable by others.
You can try also with a fixed cipher:

```
mysql ... --ssl-cipher=AES128-SHA
```

And for the change master:

```
CHANGE MASTER TO ... MASTER_SSL_CIPHER='AES128-SHA'
```

Context
StackExchange Database Administrators Q#31591, answer score: 2
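
A check for the answer's first suggestion (certificate files owned by the mysql user and not readable by others), added here as an example and not part of the original answer. The function name `audit_tls_files` is hypothetical, the script assumes GNU `stat`, and it flags group access as well as access by others, which is stricter than the answer asks.

```shell
#!/bin/sh
# Added example: audit owner and mode of the TLS files a MySQL server loads.
# Assumption: GNU stat (coreutils), as shipped on CentOS.

# audit_tls_files OWNER FILE...
# Prints one line per problem; returns 0 if every file passes, 1 otherwise.
audit_tls_files() {
    expected_owner=$1
    shift
    status=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            status=1
            continue
        fi
        owner=$(stat -c '%U' "$f")
        mode=$(stat -c '%a' "$f")
        if [ "$owner" != "$expected_owner" ]; then
            echo "OWNER   $f is owned by $owner, expected $expected_owner"
            status=1
        fi
        # Treat the mode as octal and mask the group/other bits (077).
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "MODE    $f is $mode, group/other bits should be 0"
            status=1
        fi
    done
    return $status
}

# Example invocation with the server paths from the question:
#   sh audit.sh mysql /etc/mysql/certs/server-key.pem \
#       /etc/mysql/certs/server-cert.pem /etc/mysql/certs/ca-cert.pem
if [ "$#" -ge 2 ]; then
    audit_tls_files "$@"
fi
```

A clean run prints nothing and exits 0; fix any reported file with `chown` and `chmod 600` on it before retrying the SSL connection.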