Connecting to Amazon RDS with SSL

jbones78 posted 6 months ago in Creating a connection

Having issues with connecting to an Amazon RDS Aurora 5.7 compatible database. SSL is forced for every connection (as it should be). Connecting via the command line works fine:

*****@*****-laptop:~$ mysql -h ********* -u ********** -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 64923
Server version: 5.7.12 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW SESSION STATUS LIKE 'Ssl_cipher';
| Variable_name | Value              |
| Ssl_cipher    | DHE-RSA-AES256-SHA |
1 row in set (0.35 sec)

It looks as though SSL is handled automatically by the mysql client but Heidi SQL doesn't. I've tried downloading the public key ( com/AmazonRDS/latest/UserGuide/AuroraMySQL.Security.html) and using that as the 'SSL CA certificate' and/or 'SSL certificate' fields in Heidi SQL, however, I get the error:

SSL connection error: unknown error number

Any help would be greatly appreciated.

pablo987 posted 4 months ago

Yes, I have seen that after adding the SSL certificate on our website we faced many issues. Like the issue, you have shared. But still, we have to add this certificate on our website. Otherwise, you will also face the same punishment as me which I have to face with my website. It was demoted by Google until I haven't added the SSL certificate.

hsg00007 posted 4 months ago

I was fixed it by replacing libmysql.dll. If you installed lastest Mysql Workbench version, you can use Workbench`s libmysql.dll.

ducci1012 posted 2 months ago

I was fixed it by replacing libmysql.dll. If you installed lastest Mysql Workbench version, you can use Workbench`s libmysql.dll.

Just wanted to chime in and thank hsg00007 for the solution. My MySQL RDS instances automatically upgraded from 5.6.27 to 5.6.40, and the latest HeidiSQL no longer worked trying to connect over SSL with the same "SSL connection error: unknown error number". Downloading the latest MySQL Workbench and replacing the DLL solved the issue without any other changes.

ducci1012 posted 1 month ago

As a follow up on this, I actually believe this might be related to a bug in older versions of the MySQL C connector library that it seems many applications use. I began having this problem connecting to my instances on Windows through Python shortly after I experienced the issue with Heidi. I was using MySQL-python for several years without issue using the most recent certificates, and also tried the latest version of mysqlclient (a more recent, updated fork) and had the same issue in both. However, I then tried PyMySQL which is a pure python implementation and everything began working correctly.

I believe the libmysql.dll is the package in regard to the MySQL C connector, which somewhat explains why replacing this with a newer build from Workbench makes things work?

Please login to leave a reply, or register at first.