I can't connect to MariaDB via ssl: no cipher match 0x80090331 (SEC_E_ALGORITHM_MISMATCH)

Hello. I can't connect to MariaDB via ssl. I'm getting an answer: SSL connection error: no cipher match. Error 0x80090331 (SEC_E_ALGORITHM_MISMATCH).

I tried to enter the data in the "SSL cipher" field, tried to find at least some information on the Internet, but nothing helped. The problem is either in the TLS version or in the fact that the certificate is self-signed. Please help solve the problem.

MariaDB 10.11.6 HeldiSQL 12.7.0.6853 (64 bit) Windows 11 Build 22000

I also tried to connect via MySQL WorkBench - everything connected well without additional manipulations. I couldn't find any difference in the connection settings between the programs.

At least you're not alone:

• issue #1426
• issue #1768
• issue #1843

v12.7 comes with the latest libmariadb.dll connector library. Can you please check if that's the one you have set in your HeidiSQL session? (not libmysql*)

Oh, thanks for the other links, I didn't see these posts. Yes, it is libmariadb.dll that is installed, when i'am select libmysql.dll (or libmysql-6.1.dll) i'm get: "SSL connection error: unable to get private key".

In fact, I encountered this problem a few years ago, but then I decided to just switch to using MySQLWorkbench, but now I would like to stay with Heldi.

I pushed a change which may have some effect here. But I'm unsure. Please test the next build 6856.

However, if you can, let us please do further reports and tests in issue #1768. The reporter already hacked into the MySQL connection using Wireshark, which I find quite useful.

Unfortunately, 6856 did not solve the problem.

I don't know as much as the person in the post above. Therefore, if you tell me what information you need, I will try to provide it. I didn’t use Wireshark and don’t know the details, but I tried to attach data similar to the data from your message. However, I couldn't find the Client Key Exchange section no matter how hard I tried. Perhaps I was looking in the wrong place. If possible, tell me how I can find this place? Perhaps this section appears at SES_LEVEL -1, but I have not yet been able to configure it on the server side. If this is an important point, please let me know and I will try to fulfill this and provide more information. Thank you for your help.

This is what I was able to get at the moment

I pushed another modification, which you could give a try (build 6858). Two things changed here:

• mysql_ssl_set() is deprecated, and it was anyway a conveniance function. Next builds set SSL options using mysql_options() and the various MYSQL_OPT_SSL_* options
• Converted one suspicuous ANSI string to a pointer, for MYSQL_OPT_TLS_VERSION

I ran 6858 and the problem is still here. If necessary, I could give access to my PC so that you can collect the necessary logs or perform debugging.

It would indeed be good to have a SSL-enabled server and to which I could connect to per HeidiSQL. Probably you could give me (restricted) access to your MariaDB 10 server? You can contact me per mail, see my address on the imprint page.

Thank you for sending credentials to that MariaDB server.

I just tried a few things in the connection code, but with no luck.

Could it be we're having a server side issue with OpenSSL, like written in CONC-527?

However, his proposed workaround was to lower the security level using SECLEVEL=1 on such servers, so the handshake decides for (insecure) rsa_pkcs1_sha1 or similar.

I think I got it now. There were two issues, one of them is that older libmysql and all libmariadb are not able to connect to newer SSL-enabled servers. This issue is not in HeidiSQL itself. That's why I just added libmysql from MySQL 8.4.0 to the the nightly built installer.

The other issue was in HeidiSQL, and caused it not to work even with that newer libmysql. This was due to some wrong offsets in the mysql_options() constants, like MYSQL_OPT_USE_REMOTE_CONNECTION. Some of these were removed in MySQL 8, and HeidiSQL still worked with the old offsets.

You can download the nightly built installer to get the newer libmysql:

Please report back if that now works.

@gurianoff: I could not reach your MySQL server since a few days. Justin helped me out with his SSL-enabled server. Thanks to both of you!

It really worked! Thank you very much for continuing to support the product and helping solve problems! You are awesome!