Hi Vladislav, Thanks for the feedback. I will update MDEV-13492 ( https://jira.mariadb.org/browse/MDEV-13492) with the setup details, certificate generation and network traces. Kenneth On Fri, Oct 25, 2019 at 7:00 PM Vladislav Vaintroub <vvaintroub@gmail.com> wrote:
Hi Kenneth,
There have been some reports about this symptoms, but nothing that we would be able to reproduce on any of our machines.
So far I think the SSL handshake error that was seen was either intermittent “Unknown SSL error (0x80090308)”, say one in couple of hundred attempts. for which a workaround is planned ( *https://jira.mariadb.org/browse/CONC-417* <https://jira.mariadb.org/browse/CONC-417> and several others) . The occasional handshake error seems to be schannels own bug, which we could reproduce on some machines, and IIRC could workaround by disabling some ciphers by fiddling in Schannel’s registry.
The second one that I heard of, was a complaint by a user, that his self-issued certificate works, and company-issued certificate does not, failing always with Unknown SSL error (0x80090308) . Unfortunately that user did not provide any detail on what he was seeing apart from this cryptic description.
The most reasonable thing you could do to help us to help you, is to use that existing bug in JIRA to provide as much information as possible about your case, I.e whether or notm the bug is sporadic, whether you’re trying to force a specific cipher, details of certificate you’re using on server side, and a network trace that you can collect e.g with wireshark, or tcpdump on either server or on client side.
Now why the MySQL client does not fail, it is using the same SSL implementation (openssl) on the both client and server side.
*From: *Kenneth Penza <kpenza@gmail.com> *Sent: *Friday, 25 October 2019 11:07 *To: *Mailing-List mariadb <maria-discuss@lists.launchpad.net> *Subject: *[Maria-discuss] SSL issue with Windows MariaDB client
Good morning,
Whilst testing SSL of a MariaDB server version 10.4.8 running Linux from a Windows 10 machine I noted that connection using MySQL client (mysql-8.0.18-winx64) connects successfully, however connections with MariaDB client (mariadb-10.4.8-winx64) fails.
In case of MariaDB I have downloaded the file ( https://downloads.mariadb.org/interstitial/mariadb-10.4.8/winx64-packages/ma... <https://downloads.mariadb.org/interstitial/mariadb-10.4.8/winx64-packages/mariadb-10.4.8-winx64.zip/from/https%3A/mirror.serverion.com/mariadb>), whilst for MySQL client I used ( https://dev.mysql.com/downloads/file/?id=490026).
C:\temp\mariadb-10.4.8-winx64>mysql --user=penzk001 --password --host=<hostname> --port=3306 --tls-version=TLSv1.2 --ssl-ca=c:\temp\CACert.pem
Enter password: ******** ERROR 2026 (HY000): Unknown SSL error (0x80090308)
C:\temp\mariadb-10.4.8-winx64\bin> cd ..\mysql-8.0.18-winx64\bin
C:\temp\mysql-8.0.18-winx64\bin> mysql --user=penzk001 --password --host=<hostname> --port=3306 --tls-version=TLSv1.2 --ssl-ca=c:\temp\CACert.pem
Welcome to the MySQL monitor. Commands end with ; or \g.
...
mysql>\s
...
SSL: Cipher in use is DHE-RSA-AES128-GCM-SHA256
...
mysql>
To ensure that the SSL certificate is valid I also tried "--ssl-mode=VERIFY_IDENTITY" with the mysql-8.0.18 client and it worked fine.
Regards
Kenneth