Bug #111489 Add TLS_VERSION check for upgrades from versions < 8.0.28
Submitted: 19 Jun 2023 21:02 Modified: 20 Jun 2023 5:09
Reporter: Marc Reilly Email Updates:
Status: Verified Impact on me:
None 
Category:Shell Upgrade Checker Severity:S4 (Feature request)
Version:8.0.28 OS:Any
Assigned to: CPU Architecture:Any
Tags: deprecated option, upgrade checker.tls_version

[19 Jun 2023 21:02] Marc Reilly 
Description:
Hi,
The tlsv1,tlsv1.1 options were deprecated in MySQL 8.0.26 and removed in MySQL 8.0.28. Should a user have tls_version in their cnf file containing any combination of these values the server will fail to startup. 
Thanks,
Marc

How to repeat:
1. Add TLS_VERSION to MySQL < 8.0.28 cnf file. Here I'm explicitly setting the pre-8026 default:
$ grep tls_version my.cnf
tls_version='tlsv1,tlsv1.1,tlsv1.2,tlsv1.3'

2. Upgrade to 8.0.28+

3. MySQL will fail to come up. 
2023-06-19T20:59:36.164021Z 0 [ERROR] [MY-013835] [Server] Option --tls-version or --admin-tls-version is set to an invalid value tlsv1,tlsv1.1,tlsv1.2,tlsv1.3.
2023-06-19T20:59:36.164082Z 0 [ERROR] [MY-010119] [Server] Aborting

Suggested fix:
Add a check to checkForServerUpgrade to detect unsupported tlsv1,tlsv1.1 options for tls_version in the cnf file and notify users. This can reduce the risk of users hitting this on upgrade.
[20 Jun 2023 5:09] MySQL Verification Team 
Hello Marc,

Thank you for the reasonable feature request.

regards,
Umesh