[#MXS-2356] Can't connect to maxscale 2.3 on centos with SequelPro client on Mac

[MXS-2356] Can't connect to maxscale 2.3 on centos with SequelPro client on Mac Created: 2019-02-27 Updated: 2020-08-25 Resolved: 2019-09-05
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	N/A
Affects Version/s:	2.3.3, 2.3.4
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Hartmut Holzgraefe

Assignee:

markus makela

Resolution:

Won't Fix

Votes:

Labels:

None

Attachments:

dump.tcp

dump2.tcp

maxscale.cnf

Sprint:

MXS-SPRINT-79, MXS-SPRINT-80, MXS-SPRINT-81

Description

With MaxScale installed on CentOS 7.6 the SequelPro client application on MacOS can connect via SSL just fine with latest MaxScale 2.2.x, but not when running 2.3.x

When using Ubuntu 18.04LTS instead of CentOS there's no issue with SSL connections to 2.3.x

MaxScale log reports:

Feb 26 21:55:32 maxscale maxscale[6157]: User @10.0.2.2 connect to service 'Read-Write-Service' with SSL in progress.

Feb 26 21:55:32 maxscale maxscale[6157]: SSL operation failed, dcb 0x12cf550 in state DCB_STATE_POLLING fd 30 return code -1. More details may follow.

Feb 26 21:55:32 maxscale maxscale[6157]: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number

Comments

Comment by markus makela [ 2019-04-01 ]

Does rolling back to 2.2 fix it?

Comment by Hartmut Holzgraefe [ 2019-04-01 ]

As far as I remember I switched back and forth between 2.2 and 2.3 when testing, so: yes

Comment by markus makela [ 2019-04-09 ]

hholzgra Can you please provide the configuration you used? Did you define any additional SSL options apart from the paths to the certificates?

Comment by Hartmut Holzgraefe [ 2019-04-09 ]

Not 100% sure, but it should have been as attached

Comment by markus makela [ 2019-04-12 ]

The SSL context creation code is almost identical between 2.2 and 2.3 so it can't be that.

Comment by markus makela [ 2019-04-17 ]

As it works on some operating systems but not on others, I would expect the MaxScale code to be correct in 2.3. Perhaps it is somehow related to the system SSL configuration?

Comment by markus makela [ 2019-04-25 ]

What version of SequelPro does this happen with?

Comment by Hartmut Holzgraefe [ 2019-04-25 ]

I installed using sequel-pro-1.1.2.dmg

Comment by markus makela [ 2019-04-29 ]

Happened to find this: https://github.com/openssl/openssl/issues/2638#issuecomment-280207387
If this relates to a behavior change in OpenSSL on CentOS 7 that would mean both 2.2 and 2.3 should both fail.

Comment by Georg Richter [ 2019-04-29 ]

Hartmut, could you please provide a tcp dump?

Comment by Hartmut Holzgraefe [ 2019-07-24 ]

dump.tcp contains failed connection attempt by Sequel Pro

dump2.tcp a successful connect with mysql cli in comparison

Comment by Hartmut Holzgraefe [ 2019-09-05 ]

It would still be interesting to know why it fails when running MaxScale on CentOS 7, but works when running it on latest Ubuntu LTS

maybe we should re-file this as a connector issue?

Generated at Thu Feb 08 04:13:32 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-2356] Can't connect to maxscale 2.3 on centos with SequelPro client on Mac Created: 2019-02-27 Updated: 2020-08-25 Resolved: 2019-09-05