dunno why you send that to the *developers* list? "maria-discuss@lists.launchpad.net" is for pure user questions and we both are just users in most cases Am 17.04.2016 um 01:39 schrieb Benny Pedersen:
if openssl works for othres i like to know a working my.cnf to make it work, i have added my ssql same way as used in dovecot / postfix, no ssl error in mysql, but openssl s_client -showcerts -connect 127.0.0.1:3306 says ssl23 fails, at best i see ssl3 tlsv1 fails, output is CONNECTED(00000003)
nonsense - it works likely independent what opeensl says here - why don't you just try first a mysql client and look at the connection vars? [root@buildserver:~]$ autotest.php mysql_ssl /Volumes/dune/buildserver/autotest/parts/mysql_ssl.php OK: mysql-over-ssl - DHE-RSA-AES128-SHA / TLSv1 [root@buildserver:~]$ openssl s_client -showcerts -connect 127.0.0.1:3306 CONNECTED(00000003) 139800112973696:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 201 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1460881738 Timeout : 300 (sec) Verify return code: 0 (ok)
no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 308 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1460845475 Timeout : 300 (sec) Verify return code: 0 (ok) ---
how to debug it more from here ?
there is nothing to debug