Help Center/ TaurusDB/ Troubleshooting/ Connection Issues/ SSL Connection Failed Due to Inconsistent TLS Versions
Updated on 2024-09-05 GMT+08:00

SSL Connection Failed Due to Inconsistent TLS Versions

Scenario

A client failed to connect to a cloud-based GaussDB(for MySQL) instance using SSL, but could connect to a self-built database using SSL.

Possible Causes

Troubleshooting:

  1. View error logs of the DB instance.
    2021-07-09T10:30:58.476586+08:00 212539 [Warning] SSL errno: 337678594, SSL errmsg: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol2021-07-09T10:30:58.476647+08:00 212539 [Note] Bad handshake2021-07-09T10:32:43.535738+08:00 212631 [Warning] SSL errno: 337678594, SSL errmsg: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol2021-07-09T10:32:43.535787+08:00 212631 [Note] Bad handshake2021-07-09T10:50:03.401100+08:00 213499 [Warning] SSL errno: 337678594, SSL errmsg: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol2021-07-09T10:50:03.401161+08:00 213499 [Note] Bad handshake2021-07-09T10:53:44.458404+08:00 213688 [Warning] SSL errno: 337678594, SSL errmsg: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol2021-07-09T10:53:44.458475+08:00 213688 [Note] Bad handshake
  2. According to unsupported protocol in the error information, the problem may be related to the TLS version. Run the following command to check the TLS versions of the GaussDB(for MySQL) instance and self-built database:

    show variables like '%tls_version%';

    It was found that the GaussDB(for MySQL) instance used TLS v1.2 and the self-built database used TLS v1.1. The TLS version of the client was the same as that of the self-built database. The self-built database is successfully connected, but the GaussDB(for MySQL) instance failed to be connected.

Solution

Upgrade the TLS version of the client to TLS v1.2.

If the official JDBC driver mysql-connector/J is used, see Connecting Securely Using SSL for the configuration method.