Tuesday, October 28, 2014

[Ubuntu 14.04] mysql with SSL: ERROR 2026 (HY000): SSL connection error: protocol version mismatch

I was trying to enable SSL on mysql in Ubuntu 14.04 and it was not easy.

1. Install simply, apt-get install mysql-client mysql-server and set a strong root password.
2. Generate openssl certs and enable SSL configurations in /etc/mysql/my.cnf like this:

#For the client: (localhost only)

port            = 3306
socket          = /var/run/mysqld/mysqld.sock
ssl-ca          = /etc/mysql/ca-cert.pem


Restart mysql, thats it. But while trying to connect (mysql -u root -p), I faced an error:

ERROR 2026 (HY000): SSL connection error: protocol version mismatch

Later I figured out, it was due to Bad certificates (well kind of..),

So generate the certificates using the commands here:

Once you connect, you can /s to confirm that your cipher is on:


mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.5.38-0ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
mysql  Ver 14.14 Distrib 5.5.38, for debian-linux-gnu (i686) using readline 6.3

Connection id: 36
Current database:
Current user: root@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.5.38-0ubuntu0.14.04.1 (Ubuntu)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db     characterset: latin1
Client characterset: utf8
Conn.  characterset: utf8
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 11 days 1 hour 4 min 49 sec

Threads: 1  Questions: 109  Slow queries: 0  Opens: 171  Flush tables: 1  Open tables: 41  Queries per second avg: 0.000



Now if you want to see mysql SSL in action using wireshark,


More references:

No comments:

Post a Comment