MySQL 5.7 TLSv1.2 support

Hi,

Some of our machines are running a community MySQL 5.7.25 version. We are preparing to upgrade the database, however, we are wondering if there’s a way to enable support for TLSv1.2 in the meantime while we’re setting up our infrastructure. I tried enabling tls_version = TLSv1,TLSv1.1,TLSv1.2 and restarted the database but I’m still getting a bad handshake error when a client connects.

Would anybody have an idea how to resolve this issue apart from upgrading the DB?

Thanks in advance.

1 Like

Hi lreyes,

MySQL 5.7 should support tlsv1.2 as you mentioned, source : MySQL :: MySQL 5.7 Reference Manual :: 6.3.2 Encrypted Connection TLS Protocols and Ciphers

What is the error message you are getting?
Does it happen every time with every client? or just sometimes or for some clients?

Regards

1 Like

Hello @CTutte, it happens all the time if we enable TLSv1.2. The error message I’m seeing from the mysql error log is:

[Note] Bad handshake

From the client (dbeaver), the error is:

Communications link failure

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
  Connection reset

Also, are all mysql 5.7 versions supported? We’re using a docker image with MySQL 5.7.25.

Thanks.

1 Like