On 08/17/2015 11:19 AM, Johnny Hughes wrote:
> On 08/17/2015 10:57 AM, Tony Mountifield wrote:
>> I recently applied updates to a CentOS 5 box running MySQL. I've discovered
>> that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL
>> connections.
>>
>> If I rename /lib/libssl.so.0.9.8e and replace it with the old version of
>> that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next
>> oldest, but it was handy), then SSL connection to MySQL works again.
>>
>> I then performed cross-checks using the server with new libssl and the
>> client with old, and then vice versa. What I found was that it didn't
>> matter whether the server was started with the old libssl or the new libssl.
>> In both cases, the mysql client would only connect using the old libssl,
>> and not when using the new libssl.
>>
>> When it works with the old libssl, I can confirm that SSL is in use:
>>
>> mysql> \s
>> --------------
>> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
>>
>> Connection id: 2
>> Current database:
>> Current user: root at localhost
>> SSL: Cipher in use is DHE-RSA-AES256-SHA
>>
>> The error with the new libssl looks like this:
>>
>> [root at hostname ~]# mysql
>> ERROR 2026 (HY000): SSL connection error
>>
>> Has anyone else come across this? Is it a bug in SSL? Or a new restriction?
>> Do I need to regenerate my certificates using the new openssl?
>>
>> Cheers
>> Tony
>>
>
> You should now be using mysql55 on CentOS-5, not mysql-5.0

In case you did not understand my post, here is how one is supposed to
move from mysql-5.0 to mysql55 and why:

https://rhn.redhat.com/errata/RHEA-2013-1329.html
https://rhn.redhat.com/errata/RHEA-2013-1330.html

Thanks,
Johnny Hughes