Hi Vladislav,

Thanks for the feedback. I will update MDEV-13492 (https://jira.mariadb.org/browse/MDEV-13492) with the setup details, certificate generation and network traces.

Kenneth

On Fri, Oct 25, 2019 at 7:00 PM Vladislav Vaintroub <[email protected]> wrote:

> Hi Kenneth,
>
> There have been some reports about these symptoms, but nothing that we would be able to reproduce on any of our machines.
>
> So far I think the SSL handshake error that was seen was either intermittent “Unknown SSL error (0x80090308)”, say one in a couple of hundred attempts, for which a workaround is planned (https://jira.mariadb.org/browse/CONC-417 and several others). The occasional handshake error seems to be Schannel’s own bug, which we could reproduce on some machines, and IIRC could work around by disabling some ciphers by fiddling in Schannel’s registry.
>
> The second one that I heard of was a complaint by a user that his self-issued certificate works, and company-issued certificate does not, failing always with Unknown SSL error (0x80090308). Unfortunately that user did not provide any detail on what he was seeing apart from this cryptic description.
>
> The most reasonable thing you could do to help us to help you is to use that existing bug in JIRA to provide as much information as possible about your case, i.e. whether or not the bug is sporadic, whether you’re trying to force a specific cipher, details of the certificate you’re using on the server side, and a network trace that you can collect e.g. with wireshark, or tcpdump on either server or on client side.
>
> Now, why the MySQL client does not fail: it is using the same SSL implementation (openssl) on both the client and server side.
>
> From: Kenneth Penza <[email protected]>
> Sent: Friday, 25 October 2019 11:07
> To: Mailing-List mariadb <[email protected]>
> Subject: [Maria-discuss] SSL issue with Windows MariaDB client
>
> Good morning,
>
> Whilst testing SSL of a MariaDB server version 10.4.8 running Linux from a Windows 10 machine I noted that connection using MySQL client (mysql-8.0.18-winx64) connects successfully, however connections with MariaDB client (mariadb-10.4.8-winx64) fail.
>
> In case of MariaDB I have downloaded the file (https://downloads.mariadb.org/interstitial/mariadb-10.4.8/winx64-packages/mariadb-10.4.8-winx64.zip/from/https%3A//mirror.serverion.com/mariadb), whilst for MySQL client I used (https://dev.mysql.com/downloads/file/?id=490026).
>
> C:\temp\mariadb-10.4.8-winx64>mysql --user=penzk001 --password --host=<hostname> --port=3306 --tls-version=TLSv1.2 --ssl-ca=c:\temp\CACert.pem
>
> Enter password: ********
> ERROR 2026 (HY000): Unknown SSL error (0x80090308)
>
> C:\temp\mariadb-10.4.8-winx64\bin> cd ..\mysql-8.0.18-winx64\bin
>
> C:\temp\mysql-8.0.18-winx64\bin> mysql --user=penzk001 --password --host=<hostname> --port=3306 --tls-version=TLSv1.2 --ssl-ca=c:\temp\CACert.pem
>
> Welcome to the MySQL monitor. Commands end with ; or \g.
>
> ...
>
> mysql>\s
>
> ...
>
> SSL: Cipher in use is DHE-RSA-AES128-GCM-SHA256
>
> ...
>
> mysql>
>
> To ensure that the SSL certificate is valid I also tried "--ssl-mode=VERIFY_IDENTITY" with the mysql-8.0.18 client and it worked fine.
>
> Regards
>
> Kenneth

