I get a connection failure when I try to connect to my MySQL server in Azure from my app/client, which does not have SSL enabled. The error message is as follows:
SSL connection is required. Please specify SSL options and retry.
Is SSL mandatory when connecting to a MySQL server in Azure? Is there a way I can circumvent this requirement?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
By default, Azure Database for MySQL enforces SSL connections between your server and your client applications to protect against MITM (man in the middle) attacks. This is done to make the connection to your server as secure as possible.
Although not recommended, you have the option to disable requiring SSL for connecting to your server if your client application does not support SSL connectivity. Please check How to Configure SSL Connectivity for your MySQL server in Azure for more details. You can disable requiring SSL connections from either the portal or using CLI. Note that Azure does not recommend disabling requiring SSL connections when connecting to your server.
Method 2
Option 1
In Azure portal under”Azure Database for MySQL servers”
1) Choose the MySql server
2) Go to Pricing tier -> Enforce SSL connection and select DISABLED option -> save
Option 2
1) Download the certifccate from https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
2) Connect to MySql server with these certificate
mysql -h mydemoserver.mysql.database.azure.com -u <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="673214021509060a02270a1e03020a08140215110215">[email protected]</a> -p --ssl-ca=/opt/ssl/BaltimoreCyberTrustRoot.crt.pem
Method 3
From Docker Container to Azure MYSQL connection over SSL:
My case was slightly different but I am writing it here because the azure document https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl doesn’t tell in detail actually how the application talks to MYSQL from a docker container.
In my case I was connecting to Azure MYSQL with a docker container. I enabled the SSL setting on my MYSQL server and verified the connection using sql workbench and I was able to connect it from my local using BaltimoreCyberTrustRoot.crt.pem over SSL. But my application was throwing error message –
SSL connection is required. Please specify SSL options and retry.
I was passing the DATABASE_SSL_CERT: /etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem in my docker compose yml file.
I got to know that there are n in the pem file that sometimes are interpreted as something else in the docker environment var. n can be seen in each line if you open in notepad++
What I did to fix that is I converted the pem file to base64 and updated the same in yml file. Something like –
DATABASE_SSL_CA: LS0tLS1CRUdJTiBDRVJUSUZ...=
In some cases it also needs-
DATABASE_SSL_ENABLE: "true" to force SSL connection to MYSQL.
My new yml looks like-
version: "2.2"
services:
redis:
image: redis:3.2.6
ckeditor-cs:
image: docker.cke-cs.com/cs:3.9.1
depends_on:
- redis
ports:
- "8000:8000"
restart: always
init: true
environment:
DATABASE_DRIVER: mysql
DATABASE_HOST: efg.mysql.database.azure.com
DATABASE_USER: <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="582d2b3d2a183c3a">[email protected]</a>
DATABASE_PASSWORD: PASS
DATABASE_PORT: 3306
DATABASE_SSL_CA: LS0tLS1CRUdJTiB............S0=
DATABASE_SSL_ENABLE: "true"
REDIS_HOST: redis
ENVIRONMENTS_MANAGEMENT_SECRET_KEY: ABC
LICENSE_KEY: XYZ
volumes:
- ~/ckeditor-cloudservice/easyimage_files:/var/cs/easyimageNow everything is working as expected.
Method 4
The reason is the SSL settings is ENABLED in the setting of Azure Database of MySQL Servers
You can choose to disable it as below:
- Go to Azure portal under “Azure Database for MySQL servers”
- Choose the MySql server
- Go to the Connection security menu
- Go to the SSL Settings section
- Enforce SSL connection and select DISABLED option
- Click the Save button at the top of the page
Method 5
Though it is not recommended,
here is complete detail How to disable ssl
but in short.
choose “server parameters” and serach for require_secure_transport and set the value to off.
you also configure ssl in simple steps as mentioned here.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0