SSL Connection Problems
Posted: Mon 30 Aug 2010 14:58
Hi,
We are running a MySQL server version 5.0.86 with OpenSSL enabled and are having problems connecting to it using 3.55.17 version of the CoreLab.MySql drivers when the "SSL Cipher List" is specified in the connection string.
When using SSL Cipher List, the connection string looks like:
User Id=user;Password=pwd;Host=dbHost;Port=3306;Database=dbName;Direct=True;Unicode=True;Protocol=Ssl;Connection Timeout=120;Pooling=True;Connection Lifetime=1800;SSL Cipher List=DHE-RSA-AES256-SHA;SSL CA Cert=file://C:\ca-cert.pem;
On an attempt to connect, we receive the following error:
This algorithms are not supported.
at CoreLab.MySql.j.a(String A_0)
at CoreLab.MySql.j.b(String A_0)
at CoreLab.MySql.j.e(String A_0)
at CoreLab.MySql.b.a(String A_0, String A_1, String A_2, String A_3, Int32 A_4, String A_5, Int32 A_6, SshOptions A_7, SslOptions A_8)
at CoreLab.MySql.MySqlInternalConnection.Connect(String userId, String password, String host, String database, Int32 port, Int32 connectionTimeout, MySqlProtocol protocol, Boolean compress)
at CoreLab.MySql.MySqlInternalConnection..ctor(ac connectionOptions)
at CoreLab.MySql.a7.a(DbConnectionOptions A_0, Object A_1, DbConnectionBase A_2)
at CoreLab.Common.DbConnectionFactory.a(DbConnectionPool A_0, DbConnectionOptions A_1)
at CoreLab.Common.DbConnectionPoolGroup.c(DbConnectionPool A_0)
at CoreLab.Common.DbConnectionPool.a()
at CoreLab.Common.DbConnectionPool.GetObject()
at CoreLab.Common.DbConnectionFactory.a(DbConnectionBase A_0)
at CoreLab.Common.DbConnectionClosed.Open(DbConnectionBase outerConnection)
at CoreLab.Common.DbConnectionBase.Open()
at CoreLab.MySql.MySqlConnection.Open()
When we do not include the SSL Cipher List in the connection string or use "ALL" instead of "DHE-RSA-AES256-SHA", the connection succeeds and I can see from the server that it is using "DHE-RSA-AES256-SHA" cipher for the connection. Also, we tried specifying the Cipher using SQLYog and that works which makes me believe that the issue lies on the client side.
Can you provide more information on this? Is this a bug or something that we are doing wrong?
On a side note, the newer version of your Devart.Data.MySql (5.20.33) driver does not even connect over SSL using the same connection string above without SSL Cipher List. It gives a generic SSL exception. When we specify the Cipher List, it throws the same exception "This algorithms are not supported".
Our immediate concern is with using version 3.55.17. However, we will need support with the 5.20.33 version soon as well.
We are running a MySQL server version 5.0.86 with OpenSSL enabled and are having problems connecting to it using 3.55.17 version of the CoreLab.MySql drivers when the "SSL Cipher List" is specified in the connection string.
When using SSL Cipher List, the connection string looks like:
User Id=user;Password=pwd;Host=dbHost;Port=3306;Database=dbName;Direct=True;Unicode=True;Protocol=Ssl;Connection Timeout=120;Pooling=True;Connection Lifetime=1800;SSL Cipher List=DHE-RSA-AES256-SHA;SSL CA Cert=file://C:\ca-cert.pem;
On an attempt to connect, we receive the following error:
This algorithms are not supported.
at CoreLab.MySql.j.a(String A_0)
at CoreLab.MySql.j.b(String A_0)
at CoreLab.MySql.j.e(String A_0)
at CoreLab.MySql.b.a(String A_0, String A_1, String A_2, String A_3, Int32 A_4, String A_5, Int32 A_6, SshOptions A_7, SslOptions A_8)
at CoreLab.MySql.MySqlInternalConnection.Connect(String userId, String password, String host, String database, Int32 port, Int32 connectionTimeout, MySqlProtocol protocol, Boolean compress)
at CoreLab.MySql.MySqlInternalConnection..ctor(ac connectionOptions)
at CoreLab.MySql.a7.a(DbConnectionOptions A_0, Object A_1, DbConnectionBase A_2)
at CoreLab.Common.DbConnectionFactory.a(DbConnectionPool A_0, DbConnectionOptions A_1)
at CoreLab.Common.DbConnectionPoolGroup.c(DbConnectionPool A_0)
at CoreLab.Common.DbConnectionPool.a()
at CoreLab.Common.DbConnectionPool.GetObject()
at CoreLab.Common.DbConnectionFactory.a(DbConnectionBase A_0)
at CoreLab.Common.DbConnectionClosed.Open(DbConnectionBase outerConnection)
at CoreLab.Common.DbConnectionBase.Open()
at CoreLab.MySql.MySqlConnection.Open()
When we do not include the SSL Cipher List in the connection string or use "ALL" instead of "DHE-RSA-AES256-SHA", the connection succeeds and I can see from the server that it is using "DHE-RSA-AES256-SHA" cipher for the connection. Also, we tried specifying the Cipher using SQLYog and that works which makes me believe that the issue lies on the client side.
Can you provide more information on this? Is this a bug or something that we are doing wrong?
On a side note, the newer version of your Devart.Data.MySql (5.20.33) driver does not even connect over SSL using the same connection string above without SSL Cipher List. It gives a generic SSL exception. When we specify the Cipher List, it throws the same exception "This algorithms are not supported".
Our immediate concern is with using version 3.55.17. However, we will need support with the 5.20.33 version soon as well.