![]() ![]() (Note that I didn't test HeidiSQL with MariaDB 10.4. ![]() It would be great if the SSL/TLS issues with popular MySQL clients (Sequel Pro on macOS and HeidiSQL on Windows) could be worked out so that it's possible to connect to MariaDB 10.4. Default installations of HeidiSQL often experience SSL/TLS handshake failures with until you replace the shipped libmysql.dll with a specific version and drop the bundled libmariadb.dll file (see e.g. On the Windows side, SChannel has a bug with respect to DH (Diffie-Hellman) key-exchanges and some cipher suites (I think this is mentioned in Georg's comment in MDEV-13492). MySQL's use of yaSSL has been a problem (it's under developed and doesn't support modern TLS very well). Sequel Ace is an unofficial sequel to longtime macOS tool Sequel Pro. (That doesn't mean I'd like you to switch back to yaSSL because most likely the problem is related to the selection of cipher suites and/or keyexchange.)įWIW, over the years we've run into many SSL/TLS related issues with both MySQL servers and MySQL clients. THE Go-to SQL Tool for Experts and Novices. ![]() While I haven't tried earlier versions of the 10.4 series, perhaps the change to wolfSSL might be related to the issues with Sequel Pro. It seems that you've switched to wolfSSL from yaSSL (good riddance!) in MariaDB 10.4.6. I also note that you link to a page on your SSL/TLS support (kudos!) here: I noticed there was a mention of the SSL/TLS library in the most recent release notes: We use TLS extensively in our network to ensure privacy (encryption in transit), authentication and integrity, so the SSL/TLS issues in MySQL clients are a blocker for us. Here's the relevant SSL/TLS configuration on our MariaDB server: Typically this means that the SSL/TLS handshake failed, and most often this is related to cipher suite selection and/or key-exchanges. Unfortunately I no longer have the exact error message at hand that Sequel Pro reported but it said something about the connection failed and that the SSL error number was unknown (or zero). Today I attempted to upgrade one of our MariaDB servers to MariaDB 10.4.6 only to find out that Sequel Pro no longer was able to connect with SSL/TLS (only establishing an SSL/TLS session and verifying the remote peer certificate the server is not using client cert authentication). (Nightly builds because the Sequel Pro project is struggling with release management and maintenance). We have a lots of Mac clients accessing our MariaDB servers and most of them are using nightly builds Sequel Pro, arguably the most popular MySQL client in the macOS world. We're running Ubuntu 18.04 LTS with MariaDB 10.3.16 configured with SSL/TLS support and `REQUIRE SSL` on all accounts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |