enterprise-support team mailing list archive

Thread
Date
[Bug 1007164] Re: SSL connection error: protocol version mismatch

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Raghavendra D Prabhu <raghavendra.prabhu@xxxxxxxxxxx>
Date: Mon, 10 Sep 2012 23:32:50 -0000
Reply-to: Bug 1007164 <1007164@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Tested and works fine. (both mysql and PS)

>>mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.27-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights
reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql> grant ALL on *.* to 'testuser'@'localhost' identified by 'test' require ssl;
Query OK, 0 rows affected (0.00 sec)

mysql> Bye

>>mysql -u testuser -ptest
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.5.27-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights
reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.5.27, for Linux (x86_64) using readline 5.1

Connection id:          6
Current database:
Current user:           testuser@localhost
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          less -R -i -M -s -j.5 -J -W -z-5
Using outfile:          ''
Using delimiter:        ;
Server version:         5.5.27-log Source distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /var/run/mysqld/mysqld.sock
Uptime:                 10 min 30 sec

Threads: 1  Questions: 30  Slow queries: 0  Opens: 33  Flush tables: 1  Open tables: 26  Queries per second avg: 0.047
--------------


Generation:

I generated certificates as follows: (thanks to
http://serverfault.com/a/399581)

openssl req -x509 -newkey rsa:1024 \
-keyout server-key-enc.pem -out server-cert.pem \
-subj '/DC=com/DC=example/CN=server' -passout pass:qwerty

openssl rsa -in server-key-enc.pem -out server-key.pem \
-passin pass:qwerty -passout pass:

openssl req -x509 -newkey rsa:1024 \
-keyout client-key-enc.pem -out client-cert.pem \
-subj '/DC=com/DC=example/CN=client' -passout pass:qwerty

openssl rsa -in client-key-enc.pem -out client-key.pem \
-passin pass:qwerty -passout pass:

cat server-cert.pem client-cert.pem > ca.pem


with  configuration being:

ssl-ca=/qemu/share/certs/ca.pem
ssl-cert=/qemu/share/certs/client-cert.pem
ssl-key=/qemu/share/certs/client-key.pem

under [client]

and

ssl-ca=/qemu/share/certs/ca.pem
ssl-cert=/qemu/share/certs/server-cert.pem
ssl-key=/qemu/share/certs/server-key.pem


under [mysqld]

===============================


The key (as also mentioned in serverfault link) is to note that the certs are self-signed and follow procedure for them (like -x509 to req)

** Changed in: percona-server/5.5
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to MySQL.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1007164

Title:
  SSL connection error: protocol version mismatch

To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1007164/+subscriptions