在过去24小时内,我遇到了一个没有任何解决方案的奇怪问题。我刚刚按照互联网上提供的指南设置了SSL。我的服务器运行Suse linux。在ssl设置之后,我的mysql配置文件/etc/my.cnf如下所示。
客户端配置:
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/run/mysql/mysql.sock
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/client-cert.pem
ssl-key=/etc/mysql/client-key.pem
MySQL服务器配置:
# The MySQL server
[mysqld]
port = 3306
socket = /var/run/mysql/mysql.sock
# Change following line if you want to store your database elsewhere
datadir = /MySQL
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
default_storage_engine = myisam
ssl
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
SSL状态:
当我登录mysql时,它会显示SSL并运行。
mysql> show variables like '%ssl%';
+---------------+----------------------------+
| Variable_name | Value |
+---------------+----------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/server-cert.pem |
| ssl_cipher | |
| ssl_key | /etc/mysql/server-key.pem |
+---------------+----------------------------+
7 rows in set (0.00 sec)
另一项检查以查看SSL的状态。
mysql> \s
--------------
mysql Ver 14.14 Distrib 5.5.33, for Linux (x86_64) using readline 6.2
Connection id: 5
Current database:
Current user: root@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: less
Using outfile: ''
Using delimiter: ;
Server version: 5.5.33 openSUSE package
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /var/run/mysql/mysql.sock
Uptime: 2 min 2 sec
Threads: 4 Questions: 280 Slow queries: 0 Opens: 40 Flush tables: 1 Open tables: 33 Queries per second avg: 2.295
--------------
现在我创建了一个名为TestuserSSL的用户,该用户需要SSL才能连接到mysql服务器,并且只能访问一个名为TraccarDEV的数据库。使用以下方法检查用户的声明。
mysql> SHOW GRANTS FOR 'TestuserSSL'@'%';
+-------------------------------------------------------------------------------------------------------------------------+
| Grants for TestuserSSL@% |
+-------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'TestuserSSL'@'%' IDENTIFIED BY PASSWORD '*6C47D9CD3A183D230B04FE7F38D7D313E2B4B5AE' REQUIRE X509 |
| GRANT ALL PRIVILEGES ON `TraccarDEV`.* TO 'TestuserSSL'@'%' |
+-------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
现在,当我尝试使用
以用户mysql登录TestuserSSL时从控制台
mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -u TestuserSSL -p
控制台要求输入密码,输入密码后我继续发出刺激性错误!
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
经过几个小时的停留后,我找不到任何解决方案。希望这里的专家能给我指路。
BR