[MXS-3446] SSL routines:ssl3_read_bytes:tlsv1 alert internal error Created: 2021-03-16  Updated: 2021-08-02  Resolved: 2021-08-02

Status: Closed
Project: MariaDB MaxScale
Component/s: N/A
Affects Version/s: None
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Maria M Pflaum Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: None


 Description   

The following error occurs using Maxscale 2.5.6 after an upgrade. They did not occur when using maxscale 2.4.11.
(tlsv1 alert internal error):
2021-01-11 17:13:16 error : (13) SSL operation failed, Client DCB in state DCB::State::POLLING fd 35 return code 0. More details may follow.
2021-01-11 17:13:16 error : (13) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
2021-01-11 17:13:16 info : Stopped ext1-db01-service client session [13]

After upgrading to Maxscale 2.5.8 the errors stop, but after about 30 minutes they start again.

They are using are using OpenSSL 1.0.2k-fips 26 Jan 2017 on all systems (Client, Maxscale; DB)
OS: centos-release-7-9.2009.1.el7.centos.x86_64 with openssl-Version 1.0.2k-21.el7_9

 Comments   
Comment by markus makela [ 2021-03-16 ]

This is possibly caused by a client that is using either bad certificates or is requesting a TLS version that MaxScale either doesn't support or is configured to not accept. Is it possible to create a reproducible test case with certificates included?

Comment by Stephan [ 2021-03-22 ]

The client use OpenSSL 1.0.2k-fips 26 Jan 2017, the highest available openssl-version on CentOS7.
I've no access on the certificate on the client side.
The certificates on server side are checked and should be correct.

The error still exist.

Comment by Stephan [ 2021-03-25 ]

We found the solution:
The application used mysql JDBC driver.
With maxscale 2.4 without problems, with maxscale 2.5 getting ssl error messages.
Changing to MariaDB connector/J seems to solve the problem.

Comment by markus makela [ 2021-03-25 ]

This would suggest there's something strange going on with the MySQL connector. Perhaps some combination of what the MySQL connector tries to use and what MaxScale uses causes these conflicts. At least we know it's not MaxScale alone since the MariaDB connector works as expected.

Would you know which exact version of the connector is in use?

Comment by Stephan [ 2021-03-26 ]

The application with the bug used com.mysql.jdbc.Driver version 5.1.43
Changing to MariaDB connector/J 2.7.1 solves the error messages.

We've another running application using mysql 8.0.21 without problems.

Comment by markus makela [ 2021-03-26 ]

Do you mean the MySQL 8.0 JDBC driver? If so, I guess this might be a similar problem that was seen in MXS-3169 (the errors are different, unlikely to be related).

Comment by Stephan [ 2021-03-26 ]

mysql 8.0 is running without problems.
We got error messages with mysql 5.1.43.
I know: we shouldn't use such old stuff !

Comment by markus makela [ 2021-03-26 ]

Have you tried if the latest 2.4 release works? The latest 2.4 and 2.5 should behave the same way with regards to SSL.

Comment by markus makela [ 2021-08-02 ]

Closing as Cannot Reproduce as it seems unrelated to MaxScale itself.

Generated at Thu Feb 08 04:21:29 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.