I have access to 2 MySQL Servers (one for production and one for development). I have the host, port, database, user, password and the CA Cert file for them. I could connect to both using mysql workbench and from the windows cmd. (Yes, I have to work on windows for now)
Now according to security requirements, I need to connect using protocol TLSv1.2 or TLSv1.2, and Cipher AES256 and SHA2. These are currently not enforced on the development server, but they are on the production, and I am not able to connect on the production right now.
I satisfy AES256 and TLSv1.1 requirement.
But how do I get my client to connect using SHA2? Both Workbench and CMD doesn't work when I specify a cipher using both AES256 and SHA256 or SHA384. But it works fine if I specify something like AES256-SHA. Does this mean that it is not supported and I need to update something? By default, it uses 'DHE-RSA-AES256-SHA'
If I try to set one of the AES256-SHA2 cipher on the production, I get the error:
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
If I don't specify any ciphers, I get the error
ERROR 2026 (HY000): SSL connection error: unknown error number
I've looked up multiple posts on stackoverflow, mysql devs and mysql bugs website, and none seem to address this.
I have to ultimately get this to work with Ms. Access, since MySQL will be the backend for it. I even tried by creating a system DSN, but the same error pops up.
Maybe the ODBC Connector doesn't support SHA2? I couldn't find anything on this anywhere.
I have the latest version of ODBC and MySQL Workbench.
Turns out, the community versions(free) of MySQL Workbench and ODBC are compiled using yaSSL while the commercial versions use OpenSSL. And SHA2 is not supported by yaSSL. Once I got the commercial versions, I was able to connect using SHA2.
Related
I recently setup a new AWS server to be used as a web server for some small utility apps. It's running Windows 2012. I then:
Installed Chrome
Installed Lucee 5.2.7.63 using installer
Installed MySQL 8.0.11 Community Edition using installer
Installed MySQL Workbench
Created a new schema via MySQL Workbench (which connects to MySQL just fine)
Created a datasource in Lucee server administrator which fails verification with:
Could not create connection to database server.
I tried using both a Lucee specific user, and the root user, and neither worked. When I checked the Lucee error log I saw this occur several times, once for each verification attempt:
Wed Jul 18 19:52:08 UTC 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
My guess is that I either need to force Lucee to use SSL, or force MySQL to allow a non SSL connection. Unfortunately, the Lucee administrator has no option related to SSL and doesn't allow me to modify the connect string manually. And I'm unsure how to alter settings for MySQL as I can't seem to find a my.ini file anymore.
The last time I setup a server was with MySQL 5.7 and I had no problems from start to finish, so I assume this must be a MySQL 5.8+ issue, but that is contradicted by the error message.
Update
In the end I decided to uninstall MySQL 8 and install MySQL 5.7. It was difficult to download the installer for 5.7 (I got 8 again the first time for some reason), and then there was a conflict with the MySQL installer, that didn't want to recognize the 5.7 I downloaded, but after getting through it all Lucee began connecting immediately with no problem.
I would still be interested in a solution, though, so that I can use MySQL 8 in the future.
You could try defining the datasource in your Application.cfc which will give you more control over the connection parameters. For example:
this.datasource = {
database: "mydatabase"
,type: "mysql"
,host: "hostname"
,port: 3306
,username: "myusername"
,password: "encryptedpassword"
,custom: {
useSSL: false
,useUnicode: true
,characterEncoding: "UTF-8"
}
};
I have a trivial VB script which I am using to connect to a MySQL database on a Windows Server (2012 R2).
It's all super simple, out of the box "connect to MySql example" stuff.
I have verified that MySQL is listening on all local IPV4 addresses. I can connect with MySQL workbench with the same parameters. Yet I get a weird error when connecting via my program:
An address incompatible with the requested protocol was used
My connect string is as follows:
"server=127.0.0.1;database=test;uid=xx;pwd=xx"
It appears the connection tries to use IPV6 when connecting. How is this possible?
I suspect some kind of firewall is modifying or blocking my network connection, but it is a "new" machine for me and I don't know what's installed.
The problem was due to an old MySQL Connector DLL (MySQL.Data.dll) version which was either incompatible with Windows (hence the networking error message) or the version of MySQL I'm running. After upgrading the dll, the connection worked properly.
This may help out someone who has a similar problem, as the error is highly misleading.
I am attempting to connect Tableau on a client (Windows 7) to a MySQL Server 5.6 (on Windows Server 2012 R2) that is hosting my data warehouse. This server is hosted on my university's network. Here is what I have done so far:
created a user that has privileges it needs (I ran GRANT ALL PRIVILEGES ON the user with FLUSH PRIVILEDGES, based on some other stack overflow posts)
made sure the host specified in the user table is "%"
made sure there was nothing in the my.cnf file that would prevent external connections (again based on another stackoverflow post)
ensured that the edition of MySQL running on the server is 64 bit, like the version of Tableau I'm running
I still get the "[MySQL][ODBC 5.3(w) Driver]Host 'vpn240-74.vpn.utah.edu' is not allowed to connect to this MySQL server" error. This same error is thrown when I try to telnet to the port on the server MySQL is listening on.
I have found that this error persists whether I am connected via a vpn or on campus. I can RDP to the server in question, ping it, and found the firewall rule for the port I am using, so I don't think there is anything network related that is stopping me.
All my stackoverflow research says that error means MySQL is convinced that the user is not allowed to connect from that specific hostname, but I get the same error whether I change the entry in the user table to be "%" or the specific hostname from the error message.
Also I see that the Tableau MySQL driver I installed is a lower version number than the MySQL instance I'm trying to hit (5.3 vs 5.6) but that is the newest driver on the Tableau site that I can find.
Any help greatly appreciated.
Have you tried making an ODBC connection in your computer to your MySQL server and testing it that way?
Tableau can then connect via an ODBC connection made rather than the explicit Tableau MySQL driver. In Tableau under More Servers... Other Databases (ODBC) shows up at the very bottom.
There have been a number of questions on this topic on Stackoverflow but not exactly my situation.
I have a MySQL server installed on my PC, which was working fine. We used to have a peer-to-peer network in the office. My PC was just named "MY-PC". Some change occurred to the network and my PC is now connected to a "proper" network, and the name of the PC has changed to "MY-PC.mycompanywebsite.co.uk".
Now every time I try to connect to MySQL it gives me the error:
#1130 - Host 'My-PC.mycompanywebsite.co.uk' is not allowed to connect to this MySQL server
I can't log in using the command line tool or anything. Is there a config file setting I need to change to get this working?
By the way, this is a version of MySQL which came in an installation of WAMPServer, so I did not configure it myself.
I have a MySQL instance running on a Linux box, and a Mac which also has Win7 (Bootcamp/VMWare). I can connect to the MySQL db from Navcat Lite for Mac with no problems, however, I prefer Toad. I installed Toad for MySQL for Win7 but it just CANNOT connect to the db. I installed ODBC for MySQL and it CAN successfully connect to the db, so it's not a firewall issue (I also tried disabling the firewall)
Here is a quick summary of what I see:
MySQL db running on Linux box, within my network, port 3306
Mac can successfully connect to the db through Navcat Lite
Toad for MySQL (Win 7) CANNOT connect to the db using a TCP connection (tried increasing connection timeout to 30 sec)
ODBC Driver for MySQL (Win 7) CAN connect to the db using the same credentials
Any help would be much appreciated!
Here is the error that Toad throws:
System.TimeoutException
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Check this bug report. Might be what you are facing.
link:
http://toadformysql.com/thread.jspa?threadID=32380
Taking in account your recent outcome from the packet sniffing, i do believe it is related to this bug report.
Toad seems to use the .net framework, according to the release notes it requires version 3.5 to be installed and the security policy set to unrestricted.
So, do you have .net 3.5 installed? if so, can you try to run toad as administrator?
PS: to set the security policy and i'm quoting from the link above:
To run Toad, the .NET security policy must be set to Unrestricted. To modify the security policy:
Select Control Panel from the Windows Start menu.
Double-click Administrative Tools.
Double-click Microsoft .NET Framework version Configuration.
Select My Computer, and then select the Runtime Security Policy
node.
Select Evaluate Assembly from the list of tasks in the right panel,
and locate and select Toad.exe in the File field.
Click Next and set the permission to Unrestricted.
Hope it helps, keep providing information.
I have the same issue with one my MySQL installations. I am able to connect using MySQL Workbench, but Toad for MySQL does not connect. Also, every application I created using MySQL .NET Connector also times out.
The solution I found was to connect the machines to the Internet and they connect instantly. I believe it has to do with the Connector and not Toad. Updating to a version beyond 5 should help.
Using freeware Toad for MySQL 8.0.0.296 (64 bit), instead using connection type TCP, use connection type SSH, insert database data like Host IP, user, password, default database and port. Also add SSH port, SSH Host IP, SSH user and password. Toad will emulate onnection directly to SSH console, the interface is the same, it works very fine, the error "Character set 'utf8mb3' is not supported by .Net Framework" is gone.