Bug #81133 Cannot connect to database server with SSH tunnel without SSL
Submitted: 19 Apr 2016 3:42
Modified: 30 Apr 2016 20:16
Reporter: Mike Bissett
Status: Can't repeat
Category: MySQL Workbench
Severity: S2 (Serious)
Version: 6.3.6
OS: Ubuntu (16.04)
Assigned to:
CPU Architecture: Any

[19 Apr 2016 3:42] Mike Bissett
Description:
When attempting to connect to a remote MySQL server via an SSH tunnel with SSL *disabled*, you receive the error message "SSL connection error: protocol version mismatch".

(See attached screenshot)

How to repeat:
Create a connection to a remote MySQL host via an SSH tunnel and set SSL > Use SSL to No. Attempt the connection and receive the error message "SSL connection error: protocol version mismatch".

Note connecting to a remote host without the SSH tunnel works as expected.

Suggested fix:
In an attempt to find a solution, I have created and compiled Debug versions of:

mysql-workbench-6.3.6
mysql-5.7-5.7.11
mysql-connector-c++-1.1.7

(from sources provided using apt-get source on ubuntu xenial)

I got non-SSL connections to work again by disabling SSL connections altogether by changing the following:

--- mysql-5.7-5.7.11.orig/sql-common/client.c   2016-02-02 10:31:58.000000000 +1100
+++ mysql-5.7-5.7.11/sql-common/client.c        2016-04-19 10:02:51.425184615 +1000
@@ -4697,6 +4697,7 @@
 
   MYSQL_TRACE(INIT_PACKET_RECEIVED, mysql, (pkt_length, net->read_pos));
   MYSQL_TRACE_STAGE(mysql, AUTHENTICATE);
+  mysql->options.extension->ssl_mode= SSL_MODE_DISABLED;
 
 #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY)
   if ((mysql->options.extension &&
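Review bot: The added assignment `mysql->options.extension->ssl_mode= SSL_MODE_DISABLED;` dereferences `mysql->options.extension` without a null check, while the context line just below it (`if ((mysql->options.extension &&`) treats that pointer as possibly NULL, so the new line can crash where the existing code would not. It also overwrites ssl_mode unconditionally right after the init packet is received, so every connection made through this build is forced to SSL_MODE_DISABLED, including one where the caller asked for SSL. That is acceptable as a local diagnostic, but a fix should leave the caller's ssl_mode untouched here and set it where the connection options are built.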
@@ -4734,7 +4735,7 @@
   }
 
   if (cli_establish_ssl(mysql))
-    goto error;
+      goto error;
 
   /*
     Part 2: invoke the plugin to send the authentication data to the server
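Review bot: The only change in this hunk is whitespace: `goto error;` under `if (cli_establish_ssl(mysql))` is re-indented from four to six spaces, with no functional effect. Drop the hunk so the patch carries only the ssl_mode line and the indentation stays consistent with the surrounding code.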

I suspect (from a very unknowing knowledge of the codebases and C/++) that the error is caused by mysql-connector-c++-1.1.7 not setting the mysql->options.extension->ssl_mode= SSL_MODE_DISABLED.

[19 Apr 2016 3:43] Mike Bissett
Screen shot of error message, with SSL setting in background

Attachment: mysql_ssl_error2.png (image/png, text), 55.36 KiB.

[19 Apr 2016 3:43] Mike Bissett
Log file of connection attempt with SSL error

Attachment: wb-ssl-error.log (text/x-log), 22.14 KiB.

[19 Apr 2016 8:26] MySQL Verification Team
Bug #81136 marked as duplicate of this one

[26 Apr 2016 21:30] MySQL Verification Team
Testing connection through SSH tunnel without SSL

Attachment: tunnel_with_MAC.png (image/png, text), 480.48 KiB.

[26 Apr 2016 21:31] MySQL Verification Team
Connected with Mac OS X using tunnel

Attachment: connected_mac_tunnel.png (image/png, text), 219.65 KiB.

[26 Apr 2016 21:36] MySQL Verification Team
I couldn't repeat on Ubuntu 15.04; maybe only repeatable on 16.04?

[26 Apr 2016 23:33] Mike Bissett
I've only managed to replicate on 16.04; it was working on 16.04 until about 3 weeks ago, then after an update it stopped. Also note this problem is from using the SSH tunnel feature in Workbench, not when you set up your own tunnel manually.

[27 Apr 2016 0:09] MySQL Verification Team
Thank you for the feedback. Also with the Workbench feature I couldn't repeat on Ubuntu 15.04.

[30 Apr 2016 20:16] MySQL Verification Team
Thank you for the feedback. Just did the upgrade from Ubuntu 15.04 to 16.04 and still can't repeat. Just a note: during the upgrade process I removed obsolete packages.