Hi, I had till now the same problem started together with plink error mentioned in issue https://github.com/HeidiSQL/HeidiSQL/issues/521#issuecomment-483363129 .
Today I had time to play with different MySQL variants/versions and connection types and found out,
that my "probably special server :)" is a common problem ;)
I have setup - like you - SSL certificates for my MySQL servers (else SSL can't be used).
Because there was yet no IP check if IP address and no hostname is used in certificate I forgot about the possibility that the "Bad handshake" can be caused by certificate CN mismatch which is here the cause of connection failure because localhost/127.0.0.1 is not the same public IP/hostname given in certificate.
- Perhaps someone can check this out and if MySQL/MariaDB/Percona servers and their clients have the possibility to use/check for alternative certificate subjects like webservers ("Multi-Domain certificate").
- HeidiSQL should give better error message which should be possible like here found:
ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure
Else there is already for new connections the SSL box unchecked.
But this can be an security problem when connecting through a ssh tunnel between ssh server over a remote network to a dedicated server or an ssh server connection to localhost where unwanted people could perhaps listen with tcpdump even on localhost interface.
So it would be much better for security to let SSL connection parameter active even for SSH tunnels but it should be allowed to uncheck this option.
Old connections are setup with SSL and deactivated checkbox.
=> Workaround to uncheck the SSL connection:
- Copy your MySQL username to clipboard
- switch from MariaDB or MySQL (SSH tunnel) to (TCP/IP)
- go to Advanced tab and uncheck Use SSL
- switch back from MariaDB or MySQL (TCP/IP) to (SSH tunnel)
- copy back MySQL username to User field