Cannot connect MySQL (error 2026) after upgrade to Ubuntu 20.04

Solution 1:

As a temporary solution you could disable ssl from the command line

$ mysql -h <myserver> -u <myuser> -p --ssl-mode=DISABLED
password:

or by creating a my.cnf file

$ cat /etc/my.cnf
[client]
ssl-mode=DISABLED

Solution 2:

Apologies for leaving what should be a comment as an answer (not enough rep), but:

  • Since Ubuntu 20.04, it seems like TLS 1.0 and 1.1 have been disabled system-wide.
  • I don't know how to re-enable it (that's how I stumbled across this question).

I have no evidence of this other than that openssl s_client -tls1 -connect <some TLSv1-enabled host>:443 doesn't work, and neither can nginx support TLS 1.0 and 1.1 as a server (even when configured correctly) :/.

TLS versions before 1.2 are generally considered unsafe enough to be avoided, which is probably why this has been done.

I'm afraid this only provides half the answer; I hope someone will chime in with a solution to re-enable TLS 1.0 and/or 1.1.


Solution 3:

I have found a solution assuming your MySQL is using OpenSSL and not yaSSL.

Refer to the ssl_cipher configuration variable of MySQL.

Configure a list of ciphers that includes the pseudocipher @SECLEVEL=1.

For example,

ssl_cipher = "DHE-RSA-AES128-GCM-SHA256:AES128-SHA:@SECLEVEL=1"

If you need a more permissive but still secure cipherlist,

"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@SECLEVEL=1"

taken from cipherlist.eu might do the job.


Solution 4:

What worked for me was as described here, in "mysql 5.7 ciphers to enable TLS 1.2":

[mysqld]
tls_version=TLSv1.2

After restarting I was able to import again.
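
The workarounds in Solutions 1, 3 and 4 all live in MySQL option files, so they are easy to leave in place after the immediate problem is gone. The following is an added example, not part of any answer above: a Python check that scans option-file text for `ssl-mode=DISABLED`, a lowered `@SECLEVEL` in `ssl_cipher`, and pre-1.2 entries in `tls_version`. The sample file contents are constructed, and treating any `@SECLEVEL` below 2 as lowered is an assumption.

```python
import re

# Constructed sample combining the settings from the answers above.
SAMPLE_CNF = """\
[client]
ssl-mode=DISABLED

[mysqld]
ssl_cipher = "DHE-RSA-AES128-GCM-SHA256:AES128-SHA:@SECLEVEL=1"
tls_version=TLSv1.2
"""

OLD_TLS = {"TLSv1", "TLSv1.1"}
BASELINE_SECLEVEL = 2  # assumption: anything below this counts as lowered


def parse_options(text):
    """Yield (section, option, value); '-' and '_' in option names are equivalent."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, _, value = line.partition("=")
        yield section, name.strip().lower().replace("-", "_"), value.strip().strip("\"'")


def audit(text):
    """Return (section, option, finding) tuples for TLS-weakening settings."""
    findings = []
    for section, opt, val in parse_options(text):
        if opt == "ssl_mode" and val.upper() == "DISABLED":
            findings.append((section, opt, "TLS is off, session is not encrypted"))
        elif opt == "ssl_cipher":
            m = re.search(r"@SECLEVEL=(\d)", val)
            if m and int(m.group(1)) < BASELINE_SECLEVEL:
                findings.append((section, opt, f"OpenSSL security level lowered to {m.group(1)}"))
        elif opt == "tls_version":
            old = sorted(OLD_TLS & {v.strip() for v in val.split(",")})
            if old:
                findings.append((section, opt, f"pre-1.2 protocols enabled: {', '.join(old)}"))
    return findings


if __name__ == "__main__":
    for section, opt, finding in audit(SAMPLE_CNF):
        print(f"[{section}] {opt}: {finding}")
```

On the sample it reports the `[client]` and `ssl_cipher` entries and leaves `tls_version=TLSv1.2` alone.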