maria-discuss team mailing list archive
Re: MaxScale Server SSL version
Markus Mäkelä <markus.makela@xxxxxxxxxxx>
Wed, 4 Oct 2017 21:55:59 +0300
I think we've seen something similar happen when the explicit SSL
version is defined. I'd recommend removing the ssl_version parameter and
trying again. By default MaxScale uses the highest supported SSL version
so it should still default to TLSv1.2.

I see no reason why defining an explicit SSL version shouldn't work and
if removing the ssl_version fixes the problem, I think there might be
something wrong with how MaxScale chooses the SSL version. In this case,
I would recommend that you open a bug report on the MariaDB jira:

On 04/10/17 19:47, Pak Chan wrote:
I'm in the process of setting up MaxScale on Ubuntu 16.04 fronting a
Galera cluster where the MariaDB database nodes (also on Ubuntu 16.04)
are set to use TLSv1.2. There is a "test" user and a "galeramon" user
on the database, both requiring SSL.
According to the documentation, I can configure this in MaxScale as
However, this never successfully connects. I ran a packet capture on
the connection, and found that the reason it was failing was that
MaxScale was trying to connect using TLSv1.0 despite the
specification. Changing the "ssl_version" setting to "MAX" had no effect.
The versions of openssl and libssl1.0.0 on the server are both
1.0.2g-1ubuntu4.8, so it should support TLSv1.2. I installed MaxScale
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=mariadb-10.1
sudo apt install maxscale
I can disable the TLS requirement for the "galeramon" user, which
allows MaxScale to start up, but the moment I log into the database
via MaxScale as the "test" user, the connection fails, as the
following transcript (from a different server) shows:
test@dbclient01:~$ mysql -h 172.16.2.1 -u test -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 31200
Server version: 10.0.0 2.1.9-maxscale
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current
MySQL [(none)]> show databases;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 31200
Current database: *** NONE ***
ERROR 2003 (HY000): Authentication with backend failed. Session
will be closed.
Is this a known issue, or is there something wrong with the
configuration? For the record, I can connect to a database instance
over TLSv1.2 from the MaxScale server using the mysql client with the
same ("db-client-*") certificate as specified above.
Markus Mäkelä, Software Engineer
t: +358 40 7740484 | Skype: markus.j.makela
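
When checking a capture like the one described in this thread, a TLS ClientHello carries a version in more than one place: the record header, the ClientHello body, and (for TLS 1.3 clients) the supported_versions extension. The following is an added example, not part of the original messages or of MaxScale's code, that reports all three for a raw TLS record; the function names and the sample bytes are constructed for illustration, and the input is assumed to be the TLS record itself (on a MySQL connection it follows the protocol's SSL request packet).

```python
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def _name(v):
    return NAMES.get(v, "0x%04x" % v)

def client_hello_versions(record):
    """Report every version field of a TLS record that begins a ClientHello."""
    try:
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
        if ctype != 22 or record[5] != 1:
            raise ValueError("not a ClientHello handshake record")
        body = record[5:5 + rec_len]
        (hello_ver,) = struct.unpack_from("!H", body, 4)
        pos = 4 + 2 + 32                                   # handshake header, version, random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        offered = []
        if pos < len(body):                                # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack_from("!HH", body, pos)
                if etype == 43:                            # supported_versions
                    n = body[pos + 4]
                    offered = [struct.unpack_from("!H", body, pos + 5 + i)[0]
                               for i in range(0, n, 2)]
                pos += 4 + elen
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello") from None
    known = [v for v in offered if v in NAMES]             # drop GREASE/unknown values
    highest = max(known) if known else hello_ver
    return {"record": _name(rec_ver), "client_hello": _name(hello_ver),
            "highest_offered": _name(highest)}

def sample_record(hello_version, extensions=b""):
    """Constructed ClientHello record (not from a real capture)."""
    hello = (hello_version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + b"\x00\x02\xc0\x2f" + b"\x01\x00")
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(client_hello_versions(sample_record(0x0303)))   # record says 1.0, hello offers 1.2
    print(client_hello_versions(sample_record(0x0301)))   # a genuine TLSv1.0 offer
```

The "client_hello" and "highest_offered" fields show what the client actually offered; the record-header field alone does not.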