MariaDB 10.4 SSL connection error: protocol version mismatch

Attilio_Punzi · February 19, 2020, 3:50pm

Good morning,

I was doing some tests to switch my webapp from mysql to mariadb. I don’t understand why if I try to connect to the mariaDB 10.4 database with a user requesting SSL it gives me the following error: “2026-SSL connection error: protocol version mismatch”. I tried to remove the SSL requirement from the user but I get the same error 2026. In both cases I can connect with HeidiSQL so I exclude wrong configurations or firewall problems.

Test situation:
Xojo 2018r4/2019r3.1
Windows 10
MariaDB 10.4 on Centos7

If I compile the web app from linux it connects to the database without problems.
Any suggestions?

Norman_Palardy · February 19, 2020, 4:07pm

Personally moving from mySQL to Maria is really just chaging db names
They both have a dual license - free for GPL usage but may NOT be free for commercial usage
So be careful with these db’s

I’d move to PostgreSQL as it is FREE for ANY purpose - GPL, free, commercial you name it

All that said have you set your db connection to use the same connection parameters (including all the SSL properties ?)
The protocol mismatch almost seems like its you trying to connect using something like SSL 2 and the server expects SSL 3 (or some other mismatch like that - client is using TLS 1.1 and server expects TLS 1.2)

Attilio_Punzi · February 19, 2020, 4:49pm

Okay, you were right. The problem is that the xojo plugin tries to connect in TLSv1.0 . To solve the problem, I changed the accepted protocols on mariadb by adding the following instruction: :

tls_version = TLSv1.0,TLSv1.1,TLSv1.2,TLSv1.3

Rick_Araujo · February 20, 2020, 12:08am

Has Xojo already solved the PGSQL Prepared Statement server side leakage? (Xojo never releasing the temp PS)

Tomas_J · February 20, 2020, 12:52am

@Attilio : I hope your DB does only accept localhost connections from your webapp? Consider any open DBMS ports in the internet as invitation for hackers and as ticking time bomb.

Norman_Palardy · February 20, 2020, 1:23am

Not in a released version yet as far as I know
thats this bug <https://xojo.com/issue/41633>

Attilio_Punzi · February 20, 2020, 7:41am

I didn’t say my database accepts connections outside the lan network. Port 3306 is closed on the firewall and the webapp has a special account utente@127.0.0.1. I created another user example@192.168.1.% REQUIRE SSL to debug the app on windows and manage the database with LAN connections.

Will the plugin ever be updated to support higher TLS versions?

Rick_Araujo · February 20, 2020, 12:46pm

Thank you for finding the FB case. I was trying to find it, searching keywords, and couldn’t.
Fortunately they say it is fixed for 2020R1.

Ivan_Tellez · February 20, 2020, 5:24pm

[quote=476032:@Norman Palardy]Not in a released version yet as far as I know
thats this bug <https://xojo.com/issue/41633>[/quote]

Wow, 2015 report just confirmed on 2020

Norman_Palardy · February 20, 2020, 7:59pm

We wont discuss the length of time some bug reports have been sitting
Feature requests I understand
Bug reports though shouldnt languish so long
I tried to deal with as many old IDE bug reports as I could

Christian_Schmitz · February 20, 2020, 8:55pm

You can always try MBS Xojo SQL Plugin instead.