Cannot conect MySQL (error 2026) after upgrade to Ubuntu 20.04

mysql ssl centos7 ubuntu-20.04

I have found a solution assuming your MySQL is using OpenSSL and not yaSSL.

Refer to the ssl_cipher configuration variable of MySQL.

Configure a list of ciphers that includes the pseudocipher @SECLEVEL=1.

For example,

ssl_cipher = "DHE-RSA-AES128-GCM-SHA256:AES128-SHA:@SECLEVEL=1"

If you need a more permissive but still secure cipherlist,

"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@SECLEVEL=1"

taken from cipherlist.eu might do the job.


As a temporary solution you could disable ssl from the command line

$ mysql -h <myserver> -u <myuser> -p --ssl-mode=DISABLED
password:

or by creating a my.cnf file

$ cat /etc/my.cnf  
[client] 
ssl-mode=DISABLED

Apologies for leaving what should be a comment as an answer (not enough rep), but:

  • since Ubuntu 20.04, it seems like TLS 1.0 and 1.1 have been disabled system-wide.
  • I don't know how to re-enable it (that's how I stumbled across this question)

I have no evidence of this other than openssl s_client -tls1 -connect <some TLSv1-enabled host>:443 doesn't work, and neither can nginx support TLS 1.0 and 1.1 as a server (even being configured correctly) :/.

TLS versions before 1.2 are generally considered unsafe enough to be avoided, which is probably why this has been done.

I'm afraid this only provides half the answer; I hope someone will chime in with a solution to re-enable TLS 1.0 and/or 1.1.


What worked for me was as described here mysql 5.7 ciphers to enable TLS 1.2:

[mysqld]
tls_version=TLSv1.2

After restarting I was able to import again.

Related

Can't connect to default admin share on Windows 2008
When does a CDN (content delivery network) become worth it?
IPv6: How to start? (ISP perspective)
Apache CustomLog to log full URL
How do I restart rabbitmq after switching machines?
Is it safe to write batch files with Unix line endings?
understanding "ip addr change" and "ip addr replace" commands
Exposing multiple servers behind NAT using a single public IP address
ext4 listing of files very slow in one specific directory that contained lots of files before
How to replace permissions and everything inside with icacls on Windows Server 2012?
Cups is not printing with "Filter Failed" message -- how to get more info?
APT FATAL -> Failed to fork