Hi, Benny! On Apr 17, Benny Pedersen wrote:
if openssl works for othres i like to know a working my.cnf to make it work, i have added my ssql same way as used in dovecot / postfix, no ssl error in mysql, but openssl s_client -showcerts -connect 127.0.0.1:3306 says ssl23 fails, at best i see ssl3 tlsv1 fails, output is CONNECTED(00000003)
Of course, this cannot possibly work. See the client-server protocol description, for example, here: https://dev.mysql.com/doc/internals/en/connection-phase.html When the client connects, the server sends the initial handshake packet (where the server announces that it supports SSL). The client replies that it also supports SSL. Only then the server and client actually start using SSL. s_client does not know MariaDB/MySQL protocol, it cannot do this initial protocol handshake, so you cannot use it to probe MariaDB or MySQL servers. Regards, Sergei Chief Architect MariaDB and security@mariadb.org