Tested and works fine. (both mysql and PS) >>mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.5.27-log Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> grant ALL on *.* to 'testuser'@'localhost' identified by 'test' require ssl; Query OK, 0 rows affected (0.00 sec) mysql> Bye >>mysql -u testuser -ptest Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 Server version: 5.5.27-log Source distribution Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> \s -------------- mysql Ver 14.14 Distrib 5.5.27, for Linux (x86_64) using readline 5.1 Connection id: 6 Current database: Current user: testuser@localhost SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: less -R -i -M -s -j.5 -J -W -z-5 Using outfile: '' Using delimiter: ; Server version: 5.5.27-log Source distribution Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: utf8 Db characterset: utf8 Client characterset: utf8 Conn. characterset: utf8 UNIX socket: /var/run/mysqld/mysqld.sock Uptime: 10 min 30 sec Threads: 1 Questions: 30 Slow queries: 0 Opens: 33 Flush tables: 1 Open tables: 26 Queries per second avg: 0.047 -------------- Generation: I generated certificates as follows: (thanks to http://serverfault.com/a/399581) openssl req -x509 -newkey rsa:1024 \ -keyout server-key-enc.pem -out server-cert.pem \ -subj '/DC=com/DC=example/CN=server' -passout pass:qwerty openssl rsa -in server-key-enc.pem -out server-key.pem \ -passin pass:qwerty -passout pass: openssl req -x509 -newkey rsa:1024 \ -keyout client-key-enc.pem -out client-cert.pem \ -subj '/DC=com/DC=example/CN=client' -passout pass:qwerty openssl rsa -in client-key-enc.pem -out client-key.pem \ -passin pass:qwerty -passout pass: cat server-cert.pem client-cert.pem > ca.pem with configuration being: ssl-ca=/qemu/share/certs/ca.pem ssl-cert=/qemu/share/certs/client-cert.pem ssl-key=/qemu/share/certs/client-key.pem under [client] and ssl-ca=/qemu/share/certs/ca.pem ssl-cert=/qemu/share/certs/server-cert.pem ssl-key=/qemu/share/certs/server-key.pem under [mysqld] =============================== The key (as also mentioned in serverfault link) is to note that the certs are self-signed and follow procedure for them (like -x509 to req) ** Changed in: percona-server/5.5 Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to MySQL. Matching subscriptions: Ubuntu Server/Client Support Team https://bugs.launchpad.net/bugs/1007164 Title: SSL connection error: protocol version mismatch To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1007164/+subscriptions -- Mailing list: https://launchpad.net/~enterprise-support Post to : [email protected] Unsubscribe : https://launchpad.net/~enterprise-support More help : https://help.launchpad.net/ListHelp
