我有时需要连接托管在AWS RDS上的远程MySQL。
但是自从我升级到Ubuntu 20.04后,Ruby无法连接到RDS/MySQL了。
出现以下错误:
SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol (Mysql2::Error::ConnectionError)
/home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/mysql2-0.5.3/lib/mysql2/client.rb:90:in `connect'
/home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/mysql2-0.5.3/lib/mysql2/client.rb:90:in `initialize'
/home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/mysql2_adapter.rb:25:in `new'
/home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/mysql2_adapter.rb:25:in `mysql2_connection'
我第一时间想到的是删除mysql2 gem并重新安装,这样C扩展就会使用当前安装的openssl库和相关依赖。
但这并没有起作用,所以我删除了所有已安装的Rubies(我正在使用rvm),然后重新安装它们。
但在命令行中仍然出现相同的错误,除非我禁用SSL。
$ mysql -u foo1mysql -p -h foo1mysql.us-east-1.rds.amazonaws.com foo1mysql_staging
Enter password:
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
$ mysql -u foo1mysql -p -h foo1mysql.rds.amazonaws.com foo1mysql --ssl-mode=disabled
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 20933
Server version: 5.6.41-log Source distribution
mysql> select count(*) from accounts;
+----------+
| count(*) |
+----------+
| 20 |
+----------+
1 row in set (0.37 sec)
mysql> ^DBye
$ mysql -u foo1mysql -p -h foo1mysql.rds.amazonaws.com foo1mysql --ssl-mode=required
Enter password:
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
$
我现在正在查看如何通过我的config/database.yml指定ssl_mode=disabled
,但启用SSL会更好。
有其他人遇到过这个问题吗?也许我可以在RDS上启用某些参数?
在serverfault上发现了这个相关的问题: https://serverfault.com/questions/1014747/cant-connect-to-remote-mysql-5-6-server-from-local-mysql-8-0-client-ssl-protoc
一位评论中的人建议我将RDS实例上的MySQL服务器升级从5.6.41到5.6.46,但是显然我不能这样做,因为我使用的是m1.small,无法因为一些不同的RDS原因移动到t2.small或t3.small....