MySQL 5.7 TLSv1.2 support

lreyes · May 6, 2021, 5:54pm

Hi,

Some of our machines are running a community MySQL 5.7.25 version. We are preparing to upgrade the database, however, we are wondering if there’s a way to enable support for TLSv1.2 in the meantime while we’re setting up our infrastructure. I tried enabling tls_version = TLSv1,TLSv1.1,TLSv1.2 and restarted the database but I’m still getting a bad handshake error when a client connects.

Would anybody have an idea how to resolve this issue apart from upgrading the DB?

Thanks in advance.

CTutte · May 10, 2021, 12:45pm

Hi lreyes,

MySQL 5.7 should support tlsv1.2 as you mentioned, source : MySQL :: MySQL 5.7 Reference Manual :: 6.3.2 Encrypted Connection TLS Protocols and Ciphers

What is the error message you are getting?
Does it happen every time with every client? or just sometimes or for some clients?

Regards

lreyes · May 11, 2021, 2:53pm

Hello @CTutte, it happens all the time if we enable TLSv1.2. The error message I’m seeing from the mysql error log is:

[Note] Bad handshake

From the client (dbeaver), the error is:

Communications link failure

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
  Connection reset

Also, are all mysql 5.7 versions supported? We’re using a docker image with MySQL 5.7.25.

Thanks.

Topic		Replies	Views
MySQL 5.5 replication over SSL broken after upgrading OpenSSL, OS Other MySQL® Questions	0	507	January 31, 2019
SSL Connections with 5.5.33 Other MySQL® Questions	1	2989	October 16, 2013
Bad Handshake error in mysqd error log after migrating xtrabackup from 5.6 to 5.7 Percona XtraBackup	0	760	January 29, 2020
Proxsql Front-end connection ProxySQL	6	1477	August 4, 2022
Enforce TLS for replication Percona XtraDB Cluster 5.x	2	688	October 24, 2022

MySQL 5.7 TLSv1.2 support

Related topics