MySQL: Fix MySQL Error 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

This is a note for me and others who may find themselves running into this error when using a MySQL client such as MySQL Workbench or the MySQL shell connecting to a MySQL database

The Error:

You try to connect to MySQL from your client host (outside the server) using a MySQL client and get this error:

MySQL Error 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Just so that search engines could get this, I am going to paste the complete error:

cmd.exe : WARNING: Using a password on the command line interface can be insecure.
At line:1 char:1
+ cmd.exe /C "C:\Program Files\MySQL\MySQL Shell 8.0\bin\mysqlsh.exe" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (WARNING: Using ...an be insecure.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

MySQL Error 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Why did this happen?

Basically, it is saying that the client protocol it has chosen to communicate with the server isn’t supported!

As I searched for this error and looked through the documentation here, I noticed this part which was key to resolving the issue:

As of MySQL 8.0.28, MySQL no longer supports the TLSv1 and TLSv1.1 protocols. From this release, clients cannot make a TLS/SSL connection with the protocol set to TLSv1 or TLSv1.1. For more details, see Removal of Support for the TLSv1 and TLSv1.1 Protocols.

My client version was 8.0.29 and it was trying to use a higher version of TLS 1.2 or above to communicate but that was not explicitly allowed on the server side!

Check your version and see what protocols are allowed and do the necessary as described later.

What is the solution?

Simply, add the configuration settings to my.cnf. The location of the file may be different in your case!

Effectively:

  1. Find your my.cnf file for your MySQL
  2. Edit and add these lines. For example, “sudo edit /etc/my.cnf”
    • [mysqld]
    • tls_version=TLSv1.2,TLSv1.3
  3. Restart MySQL
    • sudo service mysqld restart

Now everything should be good to go!

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s