On Tue, 2023-10-31 at 23:09 +0100, Hartmut Holzgraefe via discuss wrote:
On 31.10.23 22:45, Nick Lockheart via discuss wrote:
How can I get verbose messages about what is happening with TLS (why is it being rejected)?
unfortunately your best options are either to capture the initial TLS dialog packages and to analyze them with Wireshark, or to use the OpenSSL s_client tool to emulate a mysql protocol connection trying to switch to TLS:
see e.g.: https://serverfault.com/a/931652
I just tried using openssl s_client -starttls mysql -connect from the replication slave server, connecting to the master. In the output, I see: --- SSL handshake has read 4228 bytes and written 461 bytes Verification: OK --- Does that mean there is no issue with the certificates?