📋

Description

This error indicates that the MySQL client failed to establish a secure (SSL/TLS) connection with the MySQL server. It typically occurs due to misconfigurations, invalid certificates, or network issues during the SSL handshake process.

💬

Error Message

SSL connection error: %s

🔍

Known Causes

4 known causes

⚠️

SSL Configuration Mismatch

The client and server have conflicting SSL settings, preventing a successful secure connection handshake.

⚠️

Invalid SSL Certificates

Required SSL certificates or private keys are missing, corrupted, or have incorrect permissions on the client or server.

⚠️

Untrusted Certificate Authority

The client does not trust the Certificate Authority (CA) that issued the MySQL server's SSL certificate.

⚠️

Network or Firewall Blockage

Network issues or firewall rules are preventing the SSL handshake from completing between the client and server.

🛠️

Solutions

4 solutions available

1. Verify SSL Certificate Validity and Configuration medium

Ensures the MySQL server's SSL certificates are correctly configured and trusted.

1

Check the MySQL server's SSL configuration in `my.cnf` or `my.ini`. Ensure `ssl_ca`, `ssl_cert`, and `ssl_key` parameters point to valid and accessible certificate files.

cat /etc/mysql/my.cnf | grep ssl

2

Verify that the certificate files (CA certificate, server certificate, and server private key) exist and have the correct permissions. The MySQL server process needs read access.

ls -l /etc/mysql/ssl/

3

Test the validity of the SSL certificate on the server using `openssl`. This checks for expiration, proper chain, and key usage.

openssl x509 -in /etc/mysql/ssl/server-cert.pem -noout -text

4

If using a custom CA, ensure the client is configured to trust this CA. On the client side, the `ssl-ca` option should point to the correct CA certificate file.

mysql --ssl-ca=/path/to/client-ca.pem -h your_mysql_host -u your_user -p

2. Configure Client to Use SSL Explicitly easy

Forces the MySQL client to attempt an SSL connection.

1

When connecting to the MySQL server, explicitly specify the SSL options. This is particularly useful if the server is configured to accept both SSL and non-SSL connections, but the client is failing to negotiate SSL.

mysql --ssl-mode=REQUIRED --ssl-ca=/path/to/ca.pem -h your_mysql_host -u your_user -p

2

Alternatively, for clients that support it, you can use `SSL_MODE=REQUIRED` as an environment variable before executing the `mysql` command.

export MYSQL_OPT='--ssl-mode=REQUIRED --ssl-ca=/path/to/ca.pem'
mysql -h your_mysql_host -u your_user -p

3. Check Network Connectivity and Firewall Rules easy

Ensures that network paths are open and firewalls aren't blocking SSL traffic.

1

Verify that the MySQL port (default 3306) is open on the server's firewall. You can use `telnet` or `nc` to test basic connectivity.

telnet your_mysql_host 3306

2

If SSL is configured on a different port, ensure that port is also open. The MySQL server might be configured to use SSL on a non-standard port.

nc -zv your_mysql_host 3307

3

Check intermediate network devices (routers, load balancers) for any rules that might be inspecting or blocking SSL/TLS traffic on the MySQL port.

text

4. Update MySQL Client and Server Versions advanced

Addresses potential bugs or compatibility issues in older MySQL versions.

1

Ensure both the MySQL client and server are running compatible and reasonably recent versions. Older versions might have known SSL/TLS implementation bugs or lack support for newer, more secure cipher suites.

mysql --version

2

Consult the MySQL release notes for information on SSL/TLS improvements and bug fixes between versions. Consider upgrading if your versions are significantly outdated.

text

3

After upgrading, restart the MySQL server and test the SSL connection again. Ensure any configuration changes required by the new version are applied.

sudo systemctl restart mysql

🔗

Related Errors

5 related errors

MySQL Error 2026: SSL Connection Failure