Bad handshake

David Marcus's profile image David Marcus posted 4 months ago in General Permalink

I get "Connection failed Bad handshake" when using SSL to connect to MariaDB 10.5.22. I tried changing "Certificate verification" to "No verification (insecure)", but I stll get "Bad handshake". I can connect via "mariadb.exe --ssl --ssl-verify-server-cert". I'm using HeidiSQL 12.8.0.6908.

ansgar's profile image ansgar posted 4 months ago Permalink

Try the libmysql v8.4 in the library dropdown.

David Marcus's profile image David Marcus posted 4 months ago Permalink

That works with "No verification", but not with either of the other two options. The error is "CA certificate is required".

ansgar's profile image ansgar posted 4 months ago Permalink

Did you try to specify the CA certificate?

Another user did that which helped.

David Marcus's profile image David Marcus posted 4 months ago Permalink

How do I determine the CA certificate? Do I have to ask the hosting provider?

How come mariadb.exe doesn't complain when it connects?

David Marcus's profile image David Marcus posted 4 months ago Permalink

I have MariaDB 10.5.18 installed locally, so that is the version of mariadb.exe that I'm running.

ansgar's profile image ansgar posted 4 months ago Permalink

Perhaps MariaDB just does not complain silently? Not sure. You could test with a query:

SHOW GLOBAL STATUS LIKE 'ssl_cipher';
David Marcus's profile image David Marcus posted 4 months ago Permalink

There have been times in the past when mariadb has complained about the certificate, and I've gotten the hosting provider to fix it. But, it is working fine now:

c:>mariadb --ssl --ssl-verify-server-cert --host=mars.atomiclayer.com --user=ratingscentral --password=*** --database=davidmarcus_ratingscentral --compress Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 1325614 Server version: 10.5.22-MariaDB-cll-lve MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [davidmarcus_ratingscentral]> SHOW GLOBAL STATUS LIKE 'ssl_cipher'; +---------------+-----------------------------+ | Variable_name | Value | +---------------+-----------------------------+ | Ssl_cipher | ECDHE-RSA-AES256-GCM-SHA384 | +---------------+-----------------------------+ 1 row in set (0.090 sec)

Please login to leave a reply, or register at first.