Bug #21429 Unsupported record version Unknown-0.0
Submitted: 3 Aug 2006 13:22 Modified: 4 Aug 2006 16:51
Reporter: Cedric Wider Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.22 OS:Linux (Fedora Core 5)
Assigned to: Magnus Blåudd CPU Architecture:Any

[3 Aug 2006 13:22] Cedric Wider 
Description:
I am trying to connect to the MySql server using Java and SSL. Somehow it seems that the server doesn't handle SSL connections correctly. 
When I see the logfile that was created from the java application I see something like this:
javax.net.ssl.SSLException: Unsupported record version Unknown-0.0

I printed out the SSL object which gave me the following output:
com.sun.net.ssl.internal.ssl.SSLSocketImpl 1feae0f[SSL_NULL_WITH_NULL_NULL: Socket[addr=localhost/127.0.0.1,port=3306,localport=46437]]

My my.cnf looks like this:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
ssl-ca=/etc/mysql/certs/cacert.pem 
ssl-cert=/etc/mysql/certs/server-cert.pem 
ssl-key=/etc/mysql/certs/server-key.pem
     
[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/var/lib/mysql/mysql.sock

The server states that SSL is running correctly, since  'have_openssl' is set to 'YES' in the VARIABLES.

How to repeat:
 - Install MySql Server 5.0.22 on Fedora Core 5.
 - Generate some certificates and update your my.cnf to make it include those certificates.
 - Try connecting to the server using java.
[3 Aug 2006 13:32] Magnus Blåudd 
It looks like this is a duplicate of http://bugs.mysql.com/bug.php?id=19705

Please try the instructions in there and to get this working.
[3 Aug 2006 14:01] Ralf Hauser 
The same java code appears to work for the Centos 4.3, i.e. the GPL equivalent to:  RedHat Enterprise 4 Update 3 version of 

/usr/libexec/mysqld  Ver 4.1.12 for redhat-linux-gnu on i686 (Source distribution)
[3 Aug 2006 18:01] Ralf Hauser 
oops, only saw Magnus' comment now. So Cedric, I guess 5.0.25 is the way to go...

Just FYI, a correct SSL socket.toString would look like:

1b94ed3[SSL_RSA_WITH_RC4_128_SHA: Socket[addr=localhost/127.0.0.1,port=3306,localport=36461]] 

or preferrably one of the other strong ciphers: TLS_RSA_WITH_AES_128_CBC_SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA - TLS_DHE_DSS_WITH_AES_128_CBC_SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
[4 Aug 2006 16:51] Cedric Wider 
Thanks a lot. Upgrading to version 5.0.25 really solved the problem.
[7 Aug 2006 8:35] Magnus Blåudd 
Thank you for reporting that!