  1. MariaDB Connector/C
  2. CONC-527

Connect error "SEC_E_ALGORITHM_MISMATCH" from Windows to Ubuntu server

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Not a Bug
    • Affects Version/s: 3.1.11
    • Fix Version/s: N/A
    • Component/s: TLS/SSL
    • Labels:
    • Environment:
      Client is Windows 10, Server is MariaDB 10.5.8 on Ubuntu 20.04

      Description

      The MariaDB connector on Windows seems unable to connect to a MariaDB server running on Ubuntu. Although the error (coming from MS Secure Channel) suggests a cipher mismatch, inspection of the ciphers supported on both sides shows 14 ciphers in common, one of which was selected by the server in the Server Hello.

      The MySQL connector/C connects fine from Windows to the same MariaDB.

      Inspection of the packets using Wireshark did not show an obvious problem. The Client Hello and Server Hello seemed ok (to a non-TLS expert). Stepping through the MariaDB Connector code on the Windows side also didn't show any obvious problem.

      I've reached the limits of the debugging that I can do in this context. Are there other errors which MS will put into the "SEC_E_ALGORITHM_MISMATCH" return code? Are there any other known problems with MariaDB Connector/C on Windows? Any other ideas?

      Wireshark files and (example self-signed) certificates are available.

      To replicate:
      (1) Have MariaDB 10.5.8 running on Ubuntu 20.04
      In the config file have three lines
      ssl-ca=/path/to/rootCA2.crt
      ssl-cert=/path/to/sqlserver2.crt
      ssl-key=/path/to/sqlserver2.key
      add new user as
      CREATE USER 'testuser'@'%' IDENTIFIED BY 'ChangeMe' REQUIRE X509;

      (2) On Windows, use the command
      "C:\Program Files\MariaDB 10.5\bin\mysql.exe" --ssl-cert=C:\Path\to\sqlclient2.crt --ssl-ca=C:\Path\to\rootCA2.crt --ssl-key=C:\Path\to\sqlclient2.key --user=testuser -pChangeMe --host=<ubuntu_hostname> --protocol=tcp --port=3306 --default-character-set=utf8

      This should give the error
      ERROR 2026 (HY000): SSL connection error: no cipher match. Error 0x80090331(SEC_E_ALGORITHM_MISMATCH)

      Apologies if there is anything wrong with these settings, but I feel I have tried as many permutations as I can think of.

      Thanks.
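
      The check described in the report (that the suite named in the Server Hello is one the Client Hello offered) can be run directly on raw handshake records. This is an added example, not part of the original report or of Connector/C. The function names and sample bytes are constructed, and it assumes each hello sits in its own unfragmented TLS record.

```python
import struct

def _handshake_body(record, expected_type):
    """Strip the 5-byte record header and 4-byte handshake header."""
    if len(record) < 9:
        raise ValueError("record too short")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    hs_type, hs_len = record[5], int.from_bytes(record[6:9], "big")
    if ctype != 22 or hs_type != expected_type:
        raise ValueError("not the expected handshake message")
    if len(record) < 5 + rec_len or hs_len > rec_len - 4:
        raise ValueError("truncated or fragmented message")
    return record[9:9 + hs_len]

def _after_session_id(body):
    """Offset just past legacy_version (2), random (32) and session_id."""
    if len(body) < 35:
        raise ValueError("hello body too short")
    return 35 + body[34]

def client_offered_suites(record):
    body = _handshake_body(record, 1)            # 1 = ClientHello
    pos = _after_session_id(body)
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def server_selected_suite(record):
    body = _handshake_body(record, 2)            # 2 = ServerHello
    pos = _after_session_id(body)
    if len(body) < pos + 2:
        raise ValueError("ServerHello has no cipher_suite field")
    return int.from_bytes(body[pos:pos + 2], "big")

def selection_is_consistent(client_hello, server_hello):
    """True if the suite the server chose is one the client offered."""
    return server_selected_suite(server_hello) in client_offered_suites(client_hello)

def _record(hs_type, body):                      # builds constructed samples
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed sample hellos (not taken from wsl2_handshake_bad.pcap):
_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
SAMPLE_CLIENT_HELLO = _record(1, _PREFIX + b"\x00\x06\xc0\x30\xc0\x2f\x00\x9d" + b"\x01\x00")
SAMPLE_SERVER_HELLO = _record(2, _PREFIX + b"\xc0\x30" + b"\x00")
```

      The two record byte strings can be copied out of a capture in Wireshark and passed to `selection_is_consistent`.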

        Attachments

        1. image-2021-09-25-18-55-02-471.png
          263 kB
        2. rootCA2.crt
          1 kB
        3. sqlclient2.crt
          1 kB
        4. sqlclient2.key
          2 kB
        5. sqlserver2.crt
          1 kB
        6. sqlserver2.key
          2 kB
        7. wsl2_handshake_bad.pcap
          4 kB

              People

              Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              mwbaxter Martin Baxter