CloudSQL SSL connection error

973 views Asked by At

After openssl is upgraded to openssl.x86_64 0:1.0.1e-30.el6.9 mysql connections to CloudSQL start to fail with the following error.

ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

If I connect from another server that isn't yet upgraded and check for SSL cipher this is what I see.

[root@myhostname ~]# mysql -e "SHOW STATUS LIKE 'ssl_cipher'\G"
Variable_name: Ssl_cipher
Value: DHE-RSA-AES256-SHA

So if go back to the server with upgraded version if I check for the cipher I see the following (identical on both servers).

[root@myhostname ~]# openssl ciphers -v "AES" | grep DHE-RSA-AES256-SHA
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1

I am not an expert with SSL ciphers and encryptions. So what am I missing that may be causing this issue? The only way to fix for now was to downgrade openssl & openssl-devel.

[root@myhostname ~]# yum downgrade openssl*

Running the following from working server and non-working server returns the same error. Where cert, key, ca files are the files used to connect to the CloudSQL instance.

openssl s_client -connect <ip>:3306 -tls1 -cert client-cert.pem -key client-key.pem -CAfile server-ca.pem | openssl x509 -text -noout

Returns the following error. But on both servers working and not working.

140582014740296:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
unable to load certificate
140388473263944:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
0

There are 0 answers