The problem and solution is posted here for posterity.
On a production CentOS 5.11 system, I recently had a cron job that started failing. One of the thing that the cron job does is connect to a MySQL server via TCP using SSL.
Debugging things got me to the point where invoking the mysql client would result in:
% mysql ERROR 2026 (HY000): SSL connection error
(Not exactly informative.) Given that there have been recent openssl updates, I figured the problem was there, however the lack of any decent debug output from mysql/openssl made it hard to figure out. After going down a few false starts, including looking at the SSL certificate and root CA, I found this:
https://github.com/iuscommunity-pkg/mysql55/issues/4
It turns out that the default cipher for the mysql client is hardcoded, and the one specified is no longer supported in the server. The solution is to add to /etc/my.cnf (or ~/.my.cnf) the following (or the equivalent for your preferred cipher) to the client section(s):
ssl-cipher=AES128-SHA
Devin