Cannot conect MySQL (error 2026) after upgrade to Ubuntu 20.04
Solution 1:
As a temporary solution you could disable ssl from the command line
$ mysql -h <myserver> -u <myuser> -p --ssl-mode=DISABLED
password:
or by creating a my.cnf file
$ cat /etc/my.cnf
[client]
ssl-mode=DISABLED
Solution 2:
Apologies for leaving what should be a comment as an answer (not enough rep), but:
- since Ubuntu 20.04, it seems like TLS 1.0 and 1.1 have been disabled system-wide.
- I don't know how to re-enable it (that's how I stumbled across this question)
I have no evidence of this other than openssl s_client -tls1 -connect <some TLSv1-enabled host>:443 doesn't work, and neither can nginx support TLS 1.0 and 1.1 as a server (even being configured correctly) :/.
TLS versions before 1.2 are generally considered unsafe enough to be avoided, which is probably why this has been done.
I'm afraid this only provides half the answer; I hope someone will chime in with a solution to re-enable TLS 1.0 and/or 1.1.
Solution 3:
I have found a solution assuming your MySQL is using OpenSSL and not yaSSL.
Refer to the ssl_cipher configuration variable of MySQL.
Configure a list of ciphers that includes the pseudocipher @SECLEVEL=1.
For example,
ssl_cipher = "DHE-RSA-AES128-GCM-SHA256:AES128-SHA:@SECLEVEL=1"
If you need a more permissive but still secure cipherlist,
"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@SECLEVEL=1"
taken from cipherlist.eu might do the job.
Solution 4:
What worked for me was as described here mysql 5.7 ciphers to enable TLS 1.2:
[mysqld]
tls_version=TLSv1.2
After restarting I was able to import again.