[CONC-639] Unable to connect to SSL using client certificates SEC_E_ALGORITHM_MISMATCH Created: 2023-03-12  Updated: 2023-11-12

Status: Stalled
Project: MariaDB Connector/C
Component/s: TLS/SSL
Affects Version/s: None
Fix Version/s: 3.3

Type: Bug Priority: Major
Reporter: Lotendan Assignee: Georg Richter
Resolution: Unresolved Votes: 6
Labels: None

Attachments: Zip Archive wireshark_capture.zip
Issue Links:
Relates
relates to CONC-527 Connect error "SEC_E_ALGORITHM_MISMAT... Closed
relates to CONC-653 TLS v1.3 support in Schannel Open

Description

Hello,

I have set up a secure SSL connection between a MariaDB client and a MariaDB server. I use the HeidiSQL client (compiled with MariaDB Connector/C).

When upgrading the server from OpenSSL 2.x to the latest version of OpenSSL 3.x, the client refuses to connect and closes the connection with the error SEC_E_ALGORITHM_MISMATCH.

The logs of the server are not helpful either. The server only sees an aborted connection from the client.

Aborted connection 3 to db: 'unconnected' user: 'unauthenticated' host: '192.168.1.61' (This connection closed normally without authentication).

I initially submitted a ticket to the HeidiSQL team, but the problem was not related to HeidiSQL:
https://github.com/HeidiSQL/HeidiSQL/issues/1426
Here another user reports the same problem with the exact same symptoms, in a lot more detail:
https://github.com/HeidiSQL/HeidiSQL/issues/1768
Note that HeidiSQL uses the build of MariaDB Connector/C that is linked against Schannel.

I have submitted an issue to OpenSSL as well and explained the problem in great detail here:
https://github.com/openssl/openssl/issues/20138
From that discussion, it looks like the client is for some reason unable to find a signature algorithm in common with the server. Could this be a misuse of Schannel?

Please find attached the Wireshark capture (the same one as in OpenSSL GitHub issue #20138 above).

Note: this is probably a duplicate of CONC-527.
Even though the proposed workaround works, using a less secure cipher level in OpenSSL is not an acceptable solution.
With all the new evidence gathered in the investigations above, I hope we can finally find the culprit and fix it once and for all.

Thanks a lot, best regards
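
The first thing to check in a capture like the one attached is what the client's ClientHello actually offers (protocol versions and the signature_algorithms extension) and whether any of it overlaps with what the server will accept. The script below is an added example and is not code from this report, from HeidiSQL or from MariaDB Connector/C. It parses one TLS record carrying a ClientHello (in Wireshark, select the record and use Copy as Hex Stream to get the bytes), lists the offered versions and signature algorithms by their RFC 8446 names, and computes the set usable by both sides. The ClientHello bytes and the server policy in the sample run are constructed here for illustration; they are not taken from the attached capture and make no claim about what Schannel or OpenSSL 3 actually send.

```python
"""Added example: list what a TLS ClientHello offers (protocol versions and
signature_algorithms) so it can be compared with what the server accepts.
Not code from the report, HeidiSQL or MariaDB Connector/C; the sample
ClientHello below is constructed, not taken from the attached capture."""
import struct

# Names from RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2) for the common codes.
SIG_ALG_NAMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
}
VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SIGNATURE_ALGORITHMS = 13
EXT_SUPPORTED_VERSIONS = 43


def _u16(buf, pos):
    return struct.unpack(">H", buf[pos:pos + 2])[0]


def _u16_list(buf):
    return [_u16(buf, i) for i in range(0, len(buf) // 2 * 2, 2)]


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello and return the versions,
    cipher suites and signature algorithms it offers, in client preference order."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + _u16(record, 3)]
    if not body or body[0] != 0x01:
        raise ValueError("record does not carry a ClientHello")
    ch = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 0
    legacy_version = _u16(ch, pos); pos += 2
    pos += 32                              # client random
    pos += 1 + ch[pos]                     # legacy session id
    cs_len = _u16(ch, pos); pos += 2
    cipher_suites = _u16_list(ch[pos:pos + cs_len]); pos += cs_len
    pos += 1 + ch[pos]                     # compression methods
    extensions = {}
    if pos + 2 <= len(ch):
        end = pos + 2 + _u16(ch, pos); pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", ch[pos:pos + 4]); pos += 4
            extensions[etype] = ch[pos:pos + elen]; pos += elen
    # A TLS 1.3-capable client lists versions in supported_versions;
    # a pre-1.3 client only offers legacy_version from the header.
    if EXT_SUPPORTED_VERSIONS in extensions:
        data = extensions[EXT_SUPPORTED_VERSIONS]
        versions = _u16_list(data[1:1 + data[0]])
    else:
        versions = [legacy_version]
    sig_algs = []
    if EXT_SIGNATURE_ALGORITHMS in extensions:
        data = extensions[EXT_SIGNATURE_ALGORITHMS]
        sig_algs = _u16_list(data[2:2 + _u16(data, 0)])
    return {
        "versions": [VERSION_NAMES.get(v, f"unknown(0x{v:04x})") for v in versions],
        "cipher_suites": cipher_suites,
        "signature_algorithms": [SIG_ALG_NAMES.get(s, f"unknown(0x{s:04x})") for s in sig_algs],
    }


def common_signature_algorithms(client_offered, server_accepts):
    """Signature algorithms both sides can use, in client preference order.
    An empty list is the situation in which the handshake cannot continue
    and one side aborts with an algorithm mismatch."""
    return [alg for alg in client_offered if alg in server_accepts]


def build_client_hello(versions, sig_algs, cipher_suites=(0xC02F, 0xC030)):
    """Build a constructed ClientHello record so the parser can be tried offline."""
    sa = b"".join(struct.pack(">H", s) for s in sig_algs)
    sv = b"".join(struct.pack(">H", v) for v in versions)
    exts = struct.pack(">HHH", EXT_SIGNATURE_ALGORITHMS, len(sa) + 2, len(sa)) + sa
    exts += struct.pack(">HHB", EXT_SUPPORTED_VERSIONS, len(sv) + 1, len(sv)) + sv
    cs = b"".join(struct.pack(">H", c) for c in cipher_suites)
    ch = (struct.pack(">H", 0x0303) + bytes(32) + b"\x00"
          + struct.pack(">H", len(cs)) + cs + b"\x01\x00"
          + struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(ch).to_bytes(3, "big") + ch
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed: a TLS 1.2-only client offering PKCS#1 v1.5 and SHA-1 signatures.
    offered = parse_client_hello(build_client_hello([0x0303], [0x0401, 0x0501, 0x0403, 0x0201]))
    # Constructed server policy: only RSA-PSS and ECDSA signatures are accepted.
    server_accepts = {"rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384", "ecdsa_secp256r1_sha256"}
    print("client offers:", offered["versions"], offered["signature_algorithms"])
    print("usable by both:", common_signature_algorithms(offered["signature_algorithms"], server_accepts))
```

To apply this to the real capture, feed bytes.fromhex() of the copied ClientHello record to parse_client_hello and compare the result with the signature algorithms the server's certificate chain and OpenSSL security level allow; if the intersection is empty (or contains only algorithms the server's key type cannot produce), the mismatch is explained by the offer itself rather than by the client library's handling of the response.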



Comments
Comment by Lotendan [ 2023-05-28 ]

Hello, any news on this issue please?

Comment by Georg Richter [ 2023-06-23 ]

A possible reason might be the deprecation of the SCHANNEL_CRED structure, which has been deprecated since Windows 10 1809 and needs to be replaced by SCH_CREDENTIALS.

I filed a new task CONC-653 (TLSv1.3 support in Schannel) which will hopefully also solve this issue.

Comment by Yoh [ 2023-11-12 ]

Hi,
With a Connector/C-based tool, is there any temporary solution to connect via SSL from Windows?

Generated at Thu Feb 08 03:06:45 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.