Bug #106459 Cannot disable TLS in MySQL 8.0.28
Submitted: 14 Feb 2022 15:48 Modified: 15 Jul 2022 17:59
Reporter: Hans Smit Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Options Severity:S3 (Non-critical)
Version:8.0.28 OS:Windows
Assigned to: CPU Architecture:Any

[14 Feb 2022 15:48] Hans Smit 
Description:
Hello,

According to this documentation:
https://dev.mysql.com/doc/refman/8.0/en/server-options.html#option_mysqld_ssl
I should be able to disable use of encrypted connections by using this setting in my.ini:

[mysqld]
tls_version=''

However, starting mysql with this setting logs this error:
2022-02-14T15:37:51.964925Z 0 [ERROR] [MY-013835] [Server] Option --tls-version or --admin-tls-version is set to an invalid value .
2022-02-14T15:37:51.965779Z 0 [ERROR] [MY-010119] [Server] Aborting

I am only able to disable TLS using deprecated setting --ssl=off, which results in warning:
2022-02-14T15:24:10.561551Z 0 [Warning] [MY-011068] [Server] The syntax '--ssl=off' is deprecated and will be removed in a future release. Please use --tls-version=invalid instead.

and using setting --tls-version=invalid, recommended here results in:
2022-02-14T14:51:34.815140Z 0 [ERROR] [MY-013835] [Server] Option --tls-version or --admin-tls-version is set to an invalid value invalid.

How to repeat:
Try to start MySQL 8.0.28 with my.ini setting:

[mysqld]
tls_version=''

Suggested fix:
Allow disabling of TLS by setting the recommended values.
And log the correct recommended values if using a deprecated option.
[15 Feb 2022 5:27] MySQL Verification Team 
Hello Hans Smit,

Thank you for the report and feedback.

regards,
Umesh
[15 Jul 2022 17:59] Margaret Fisher 
Posted by developer:
 
Changelog entry added for MySQL 8.0.31:

The alternative for the deprecated  --ssl=off server option to disable the use of encrypted connections was not working as documented, or as presented in the deprecation warning. Setting the tls_version system variable to the empty value ( tls_version=')  now works correctly for this purpose.
[22 Mar 2024 23:38] Maxim Masiutin 
Despite the message that this bug was fixed in 8.0.31, it still exists (reappeared) in 8.0.36, because with tls-version='' I get another two warnings: "Failed to initialize TLS for channel: mysql_main. See below for the description of exact issue." and "Failed to set up SSL because of the following SSL library error: TLS version is invalid".

Let me give you a few details:

If I use `tls-version=''` in the config file, I'm getting the following warnings in the log:
```
[Warning] [MY-013595] [Server] Failed to initialize TLS for channel: mysql_main. See below for the description of exact issue.
[Warning] [MY-010069] [Server] Failed to set up SSL because of the following SSL library error: TLS version is invalid
```

If I use `ssl=off`, I get the following warning:
```
[Warning] [MY-011068] [Server] The syntax '--ssl=off' is deprecated and will be removed in a future release. Please use --tls-version='' instead.
```
As you see from this warning message, the server suggests me (`Please use --tls-version='' `) to use the option that I initially described as one that gives a warning.

I also used the `skip_ssl` which is an alias for `ssl=off`, hence, it gives the same warning, that it is deprecated and will be removed in a future release.

How can I properly disable SSL in MySQL version 8.0.36 or later so that I didn't have a warning in the config file on deprecated feature or failed to initialize or a version is invalid?

There was a similar report about the same problem in MySQL version 8.0.26 at https://serverfault.com/questions/1090043/ssl-off-error-in-mysql-8-0-26-service-startup but it was supposedly fixed in MySQL 8.0.31 according to https://bugs.mysql.com/bug.php?id=106459 -- however, this information is incorrect as I use MySQL 8.0.36 and the bug is still not fixed.

See more information at https://serverfault.com/questions/1156702/how-can-i-disable-ssl-tls-in-mysql-8-0-36