MySQL ERROR 2026 - SSL 连接错误 - Ubuntu 20.04

2022-01-13 00:00:00 django ssl centos mysql ubuntu-20.04

我最近将我的本地机器操作系统从 Ubuntu 18.04 升级到 20.04,我在 CentOS (AWS) 上运行我的 MySQL 服务器.每当我尝试连接到 MySQL 服务器时,升级后都会引发 SSL 连接错误.

$ mysql -u yamcha -h database.yourproject.com -p --port 3309错误 2026 (HY000):SSL 连接错误:错误:1425F102:SSL 例程:ssl_choose_client_version:不支持的协议

但如果我同时传递 --ssl-mode=disabled 选项,我就可以远程连接.

$ mysql -u yamcha -h database.yourproject.com -p --port 3309 --ssl-mode=disabled欢迎使用 MySQL 监视器.命令以 ; 结尾或g.您的 MySQL 连接 ID 是 22158946服务器版本:5.7.26 MySQL 社区服务器(GPL)版权所有 (c) 2000, 2020,Oracle 和/或其附属公司.版权所有.Oracle 是 Oracle Corporation 和/或其附属公司.其他名称可能是其各自的商标拥有者.输入帮助";或 'h' 寻求帮助.键入 'c' 以清除当前输入语句.mysql>

查询:

<块引用>

  1. 如何在不通过--ssl-mode=disabled
  2. 的情况下连接
  3. 如何在我的 Django 应用程序中传递此 --ssl-mode=disabled 选项,目前我已将其定义如下所示,但我仍然遇到相同的错误.

DATABASES = {'默认': {'引擎': 'django.db.backends.mysql','NAME': 'yamcha','用户': 'yamcha','密码': 'xxxxxxxxxxxxxxx','HOST': 'database.yourproject.com','端口':'3309','选项':{'ssl':假},}

解决方案

Ubuntu 20 提升了安全级别.我可以连接的唯一方法是允许 tls 1 .

编辑此文件:

/usr/lib/ssl/openssl.cnf

并放在文件开头:

openssl_conf = default_conf

在那个文件的最后:

[default_conf]ssl_conf = ssl_sect[ssl_sect]system_default = ssl_default_sect[ssl_default_sect]最小协议 = TLSv1CipherString = 默认值:@SECLEVEL=1

它对我有很大帮助:https:///askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

I've recently upgraded my local machine OS from Ubuntu 18.04 to 20.04, I'm running my MySQL-server on CentOS (AWS). Post upgrade whenever I'm trying to connect to MySQL server it is throwing SSL connection error.

$ mysql -u yamcha -h database.yourproject.com -p --port 3309

ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

But if I pass --ssl-mode=disabled option along with it, I'm able to connect remotely.

$ mysql -u yamcha -h database.yourproject.com -p --port 3309 --ssl-mode=disabled

Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 22158946
Server version: 5.7.26 MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

mysql> 

Queries:

  1. How to connect without passing --ssl-mode=disabled
  2. How to pass this --ssl-mode=disabled option in my Django application, currently I've defined it as shown below, but I'm still getting the same error.

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'yamcha',
        'USER': 'yamcha',
        'PASSWORD': 'xxxxxxxxxxxxxxx',
        'HOST': 'database.yourproject.com',
        'PORT': '3309',
        'OPTIONS': {'ssl': False},
    }

解决方案

Ubuntu 20 has improved the security level. The only way i could connect whas allowing the tls 1 .

Edit this file:

/usr/lib/ssl/openssl.cnf

And put at the beginning of file:

openssl_conf = default_conf

And in the end of that file too:

[ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = ssl_default_sect

[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1

It help me a lot: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

相关文章