We need to enable TLS1.1 connections on mysql rds instance. I have a console application that I am using to test my connection to the mysql RDS instance.
After many to-and-fros with Infra team, it is confirmed that mysql instance is using TLSv1.1. Please find the command outputs that I have run in the mysql workbench :
SHOW GLOBAL VARIABLES LIKE '%version%';
Now this verifies that the server is using TLSv1.1.
Connection establish efforts - Workbench
Everything works fine
Connection establish efforts - Using mysql.exe (server/bin/)
C:\\Program Files\\MySQL\\MySQL Server 5.7\\bin\\mysql.exe" -u serverusername -h xxxxxxx.xxxxxxxxxxxx.eu-west-1.rds.amazonaws.com dbname -p --ssl-mode=PREFERRED
Asks for password and connects fine
C:\\Program Files\\MySQL\\MySQL Server 5.7\\bin\\mysql.exe" -u serverusername -h xxxxxxx.xxxxxxxxxxxx.eu-west-1.rds.amazonaws.com dbname-p --ssl-mode=DISABLED
Asks for password and connects fine
So now we have sufficient facts to say that from this aws Vm we are able to connect to the RDS instance using workbench and mysql.exe utility (both SSL enabled)
Then next we try to connect to the same RDS instance using a console application that is using the mysql connector DLL provided by the mysql team. Please find application code below along with mysql connector dll version
Code :
static void Main(string[] args)
{
//ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
//ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
Console.WriteLine("making certficate connection");
string connMainOut = connMain();
Console.WriteLine(connMainOut.ToString());
Console.ReadLine();
}
private static string connMain()
{
try
{
MySqlConnection connection = new MySqlConnection(ConfigurationManager.AppSettings["conns"]);
connection.Open();
return connection.ToString();
}
catch (Exception ex)
{
Console.WriteLine("==============================");
Console.WriteLine("connMain" + ex.ToString());
Console.WriteLine("==============================");
return "null";
}
}
MySql connector version :
My app.config looks like this :
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="conns" value="SERVER=xxxxxxxx.xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com;
database=databasename;
user=username;
PASSWORD=password;
SslMode=PREFERRED;"/>
</appSettings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
</configuration>
It throws this error
Now with using SslMode=None;
Now with SslMode=REQUIRED , I get the same error
We have already spent a lot of time on this and still are unable to connect using TLS. If more information is required, please let me know.
From the error log it also says "The message received was unexpected or badly formatted" which generally means that something is wrongly configured on the server. TLS 1.1 is not considered secure anymore.
Download IISCrypto to review “Schannel” and “Cipher Suites” tabs and see if settings are correctly configured and post making the changes can restart the server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.