I'm trying to secure a mysql connection with SSL and password encryption by sha256. My setup works as expected from the cli mysql and when using native mysql password. When trying to connect as a user with sha256 pasword i get "HY000/1045): Access denied for user 'sha256user'@'192.168.120.45' (using password: YES)", but I can connect the same user by cli mysql. I have the same problem both on locally and when trying from a remote host.
[root@vt0-0-7 bin]# /ct/nih/mysql-5.6/bin/mysql -u sha256user -p -h 192.168.120.30
Enter password:
...
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.02 sec)
mysql>
My php setup:
[root@vt0-0-7 bin]# php --version
PHP 5.6.9 (cli) (built: Jun 3 2015 13:06:06)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
[root@vt0-0-7 bin]#
[root@vto-0-5 bin]# php -i | grep -n mysqlnd
6:Configure Command => './configure' '--prefix=/ct/nih/php-5.6.9/' '--with-mysql=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-xsl' '--with-libxml-dir' '--with-mysqli=mysqlnd' '--with-openssl' '--with-zlib' '--enable-ftp' '--with-apxs2=/ct/nih/httpd-2.2.29/bin/apxs' '--enable-sockets' '--with-curl' '--with-mcrypt' '--with-readline' '--with-pcre-regex=/ct/nih/pcre-8.20' '--enable-soap' '--without-sqlite3' '--without-pdo-sqlite' '--enable-mbstring'
280:Client API version => mysqlnd 5.0.11-dev - 20120503 - $Id:3c688b6bbc30d36af3ac34fdd4b7b5b787fe5555 $
298:Client API library version => mysqlnd 5.0.11-dev - 20120503 - $Id: 3c688b6bbc30d36af3ac34fdd4b7b5b787fe5555 $
316:mysqlnd
318:mysqlnd => enabled
319:Version => mysqlnd 5.0.11-dev - 20120503 - $Id: 3c688b6bbc30d36af3ac34fdd4b7b5b787fe5555 $
329:Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password
332:mysqlnd statistics =>
521:Client API version => mysqlnd 5.0.11-dev - 20120503 - $Id: 3c688b6bbc30d36af3ac34fdd4b7b5b787fe5555 $
[root@vto-0-5 bin]#
When I use a user with "native password" PHP uses an SSL connection.
PHP connection code:
$this->dbh = mysqli_init();
$res = $this->dbh->ssl_set(DB_CLIENT_KEY, DB_CLIENT_CERT, DB_CA_CERT, NULL, NULL);
$user="sha256user";
$pass="Sh@256Pa33";
$connRes = $this->dbh->real_connect($dbHost, $user , $pass, $dbName, 3306, NULL, MYSQLI_CLIENT_SSL);
Edit: MySQL is compiled locally with:
$> cmake . -DWITH_SSL=system
$> mysql --version
mysql Ver 14.14 Distrib 5.6.25, for Linux (x86_64) using EditLine wrapper
$>
Does anyone have any idea where to look for the problem?
This is an official MySQL bug since July 2015: http://bugs.mysql.com/bug.php?id=77595