Google Cloud SQL down?
At 1am ET my VM connection to Cloud SQL over SSL decided to stop connecting and will not allow a connection.
Did google make changes/updates?
Has been working fine for months, no changes, then all of a sudden this morning at 1am ET BAM! Won't connect to ....
Getting: Warning: mysqli_real_connect(): (HY000/2026): SSL connection error .....
SSL is not expired.
Can someone help me understand if Google made a change or if an instance can just decide on its own to changes its settings in the middle of the night?
Solution to openssl auto update to 11 that breaks the ssl connection to cloudssl.
The following command shows the openssl updates and version change that affected the gce CentOS 6.6 vm >> cloudsql ssl connection (8 works, 11 won't connect):
grep -i openssl /var/log/yum.log
Apr 02 03:34:00 Updated: openssl-1.0.1e-30.el6.8.x86_64
Apr 02 03:34:00 Updated: openssl-1.0.1e-30.el6.8.i686
Jun 05 04:01:01 Updated: openssl-1.0.1e-30.el6.9.x86_64
Jun 05 04:01:02 Updated: openssl-1.0.1e-30.el6.9.i686
Jun 16 04:32:47 Updated: openssl-1.0.1e-30.el6.11.x86_64
Jun 16 04:32:48 Updated: openssl-1.0.1e-30.el6.11.i686
The following steps will allow for a downgrade:
(only need to remove an openssl if you have more than one installed - as the example above shows. Otherwise you'll only need to downgrade the 11 version your machine shows).
yum remove openssl-1.0.1e-30.el6.11.i686
yum downgrade openssl-1.0.1e-30.el6.8.x86_64
apachectl restart
This issue would have happened to any MySQL instance being connected to via OpenSSL.
The bug was that OpenSSL updated to use keys greater than 512 while MySQL did not update to use them.
Since the yum cron will get the new version again on its next round, openssl updates would need to be turned off until CloudSQL updates to a stable version that will allow keys greater than 512.