On Mon, Sep 23, 2024 at 7:13 PM Andrew Wood <andrewjamesw...@ymail.com> wrote:
>
> Is there a way to get MariaDB on Bookworm to log verbosely everything
> to do with connection attempts in order to try and debug why a client
> keeps getting error 2026 SSL connection error: protocol version mismatch?
I typically use OpenSSL's s_client to connect to the server. It is an
excellent debugging tool for times like this. Something like:
openssl s_client -connect db.example.com:443 -servername db.example.com
You can also use -tls1_2 and -tls1_3 if you want to nail down a
particular version of the protocol. See
<https://docs.openssl.org/3.0/man1/openssl-s_client/> for more
options.
I suspect (and it is just a guess) that the mismatch is due to a plain
text error page being returned to the TLS client rather than a TLS
protocol message with a well formed version. That usually means a TLS
server is _not_ listening on the port you are connecting to. Rather,
just a regular server is listening (without TLS).
> There is currently nothing being logged on the server other than:
>
> [Warning] Aborted connection 332 to db: 'unconnected' user:
> 'unauthenticated' host: '192.168.253.231' (This connection closed
> normally without authentication)
>
> SHOW GLOBAL VARIABLES LIKE 'tls_version'; gives TLSv1.1,TLSv1.2,TLSv1.3
> and the client is based on a relatively recent version of libmysqlclient
> so Im struggling to understand what is going wrong without some more
> detailed logging. I cant find anything in the MariaDB manual.
Jeff
