JR Simon

Reputation: 31

MySQL error when using remote connections with SSL

I installed a mysql server on a host and I would like to connect from another host to the mysql server with encrypted connections (both run Ubuntu 12.04). I already created and transmitted the certificates and tested the setup manually. I can connect to the remote mysql server using the key and certificate from the Linux command line, so the server configuration seems to be correct:

$ mysql -h x.x.x.x -u user01 -p --ssl-ca=ca.pem --ssl-cert=cert.pem --ssl-key=key.pem

The established connection (after entering the password) is encrypted and everything seems fine:

 mysql> show status like 'Ssl_cipher';
 +---------------+--------------------+
 | Variable_name | Value              |
 +---------------+--------------------+
 | Ssl_cipher    | DHE-RSA-AES256-SHA |
 +---------------+--------------------+
 1 row in set (0.00 sec)

However, if I try to connect to the mysql server in PHP it's not working:

$obj = mysqli_init();
mysqli_options($obj, MYSQLI_OPT_CONNECT_TIMEOUT, 5);
mysqli_ssl_set($obj, "/etc/mysql/key.pem", "/etc/mysql/cert.pem", "/etc/mysql/ca.pem", null, null);
mysqli_real_connect($obj, NODE_IP, NODE_USER, NODE_PASSWORD, NODE_DATABASE);

I get the following error:

PHP Warning:  mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages:
error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small in /var/www/internal/test.php on line 11

When I define a cipher, e.g. "DHE-RSA-AES256-SHA", in the mysqli_ssl_set function (last argument), I get the same error, even though the same cipher was used in the manual connection from the command line that actually worked (see above). When I define a stronger cipher, like "ECDHE-RSA-AES256-GCM-SHA384", I get a new error message:

PHP Warning:  mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages:
error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available in /var/www/internal/test.php on line 11

I have no idea what's wrong. Any ideas? Thanks!

Upvotes: 2

Views: 1796

Answers (1)

JR Simon

Reputation: 31

I could solve this Diffie-Hellman key-length issue just by using "AES256-SHA" in the cipher specifications of mysqli_ssl_set().

Thanks!

Upvotes: 1
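
The workaround from the answer combined with the Ssl_cipher check from the question, as an added example that is not part of the original posts. The host, credentials, database name and port are constructed placeholders, and the helper connectEncrypted() is hypothetical; the certificate paths are the ones from the question.

```php
<?php
// Added example, not code from the original post.
// All connection values below are constructed placeholders.
const NODE_IP       = '192.0.2.10';
const NODE_USER     = 'user01';
const NODE_PASSWORD = 'change-me';
const NODE_DATABASE = 'exampledb';

// Cipher from the answer: RSA key exchange, so no DH parameters are negotiated.
const ALLOWED_CIPHERS = ['AES256-SHA'];

// Hypothetical helper: connect over TLS and refuse the session unless the
// server reports one of the allowed ciphers.
function connectEncrypted(): mysqli
{
    // Throw mysqli_sql_exception instead of returning false on failure.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $db = mysqli_init();
    $db->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);
    $db->ssl_set(
        '/etc/mysql/key.pem',
        '/etc/mysql/cert.pem',
        '/etc/mysql/ca.pem',
        null,
        implode(':', ALLOWED_CIPHERS)
    );
    $db->real_connect(NODE_IP, NODE_USER, NODE_PASSWORD, NODE_DATABASE,
        3306, null, MYSQLI_CLIENT_SSL);

    // Same check as on the mysql command line: an empty value means the
    // session is not encrypted.
    $row = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_row();
    $cipher = $row[1] ?? '';
    if (!in_array($cipher, ALLOWED_CIPHERS, true)) {
        $db->close();
        throw new RuntimeException("Refusing connection, negotiated cipher: '$cipher'");
    }
    return $db;
}

try {
    $db = connectEncrypted();
    echo "Connected with an allowed cipher\n";
    $db->close();
} catch (RuntimeException $e) { // mysqli_sql_exception extends RuntimeException
    error_log('MySQL TLS connection failed: ' . $e->getMessage());
    exit(1);
}
```

AES256-SHA avoids the DH key-length check because it uses RSA key exchange, which also means the session has no forward secrecy.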
