3

Following all of the documentation Microsoft provides for their new Azure MySQL product, I keep getting the same error

Error: 140736265921472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:794

I have tried this on a Linux docker container in case that I had an issue on macOS.

Example code, I have tried this isolated from my app to be sure:

var mysql = require('mysql2');

var conn = mysql.createConnection({
  host: "mydbname.mysql.database.azure.com",
  user: "user@mydbname",
  password: 'password',
  database: 'dbname',
  port: 3306,
  ssl: {
    ca: fs.readFileSync('./BaltimoreCyberTrustRoot.crt'),
  }
});

Documentation I followed:

https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl https://learn.microsoft.com/en-us/azure/mysql/howto-connection-string

I have tried both mysql and mysql2 node drivers without success. Anyone solved this?

Improve this question
3
  • Did you install mysql2? npm install --save mysql2 Commented May 15, 2017 at 12:59
  • 1
    Yes I have mysql2 installed. Commented May 15, 2017 at 16:36
  • I'm having the exact same issue on Windows. Node v6.10.3 Commented May 15, 2017 at 20:10

1 Answer 1

Reset to default
4

Thanks for reporting the issue. The bug had been exposed in our internal testings and fixed. We will deploy the fix these several days, and we'll keep you posted. At the mean time, please use non-ssl mode to mitigate if you could. Thanks!

-----Edit-----

Hi, the fix has been deployed. Please try out! Thanks.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Out of curiosity, what is the fix being implemented? The issues being discussed on github for mysql lib points that there's an issue with authentication switch (which means node can't connect with or w/o SSL). The PR to fix the switch won't fix the SSL issues. Was this because the cert issued wasn't setup for the mysql database domain? Because I noticed that also.
Hi Dave, there were two issues here. One was node client did not support authentication switch protocol; the other one was our service had a regression talking to node client over SSL connection. The regression was caused by capability flag was not recognized. Thanks for your interest!
Hi, with the same code I now get Error: unable to get local issuer certificate with both mysql and mysql2 latest drivers?
@sjdweb Can you try pem format root CA instead of crt? Another option is to set rejectUnauthorized: false to try to mitigate.
@TwoCode Hi, this has solved my issue. But after a few minutes in my app I see Error: read ECONNRESET at exports._errnoException (util.js:1050:11) at TLSWrap.onread (net.js:582:26) though? I saw this on a separate Stackoverflow here in the answer comments, the user still accepted the answer though: stackoverflow.com/questions/44210615/…
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.