Description
Issue description
I have a Go application that connects to a MySQL database that was recently migrated to using SSL connections. When I use TLS with the default cipher, my application is able to connect. However, when I explicitly set the SSL cipher to ssl-cipher=DHE-RSA-AES256-SHA, I am unable to interact with the database. The initial sql.Open() is successful, but any commands that send packets to the MySQL server produce an error. In the MySQL logs, I see bad handshake.
I was expecting the driver to negotiate the SSL cipher with the server, or provide me an option to specify it. As I require skip-verify due to self-signed certificates, specifying a custom TLS configuration didn't seem to be an option.
Example code
import (
	"database/sql"
	"strings"
	"text/template"

	log "github.com/sirupsen/logrus"

	// Blank import registers the "mysql" driver with database/sql.
	_ "github.com/go-sql-driver/mysql"
)

// DatabaseConnection holds the values substituted into the DSN template.
type DatabaseConnection struct {
	Hostname string
	Port     int
	Database string
	Username string
	Password string
}

// CreateSSLConnection opens a TLS connection that skips certificate verification.
func CreateSSLConnection(db *DatabaseConnection) (*sql.DB, error) {
	// The driver's DSN format is user:password@protocol(address)/dbname?params.
	templateString := `{{.Username}}:{{.Password}}@tcp({{.Hostname}}:{{.Port}})/{{.Database}}?tls=skip-verify`
	conn, err := connectToDatabase("mysql", templateString, db)
	if err != nil {
		return nil, err
	}
	// error: "unexpected EOF"
	err = conn.Ping()
	return conn, err
}

// connectToDatabase renders the DSN template and hands it to sql.Open.
func connectToDatabase(databaseType string, connectionTemplateString string, db *DatabaseConnection) (*sql.DB, error) {
	connectionTemplate := template.Must(template.New("connectionString").Parse(connectionTemplateString))
	builder := strings.Builder{}
	err := connectionTemplate.Execute(&builder, db)
	if err != nil {
		log.WithFields(log.Fields{
			"template": connectionTemplateString,
			"error":    err,
		}).Error("Failed to create connection string")
		return nil, err
	}
	return sql.Open(databaseType, builder.String())
}
Error log
[MySQL Server] Bad Handshake
[Go] unexpected EOF
Configuration
Driver version (or git SHA): v1.3.0
Go version: go1.11.1 darwin/amd64
Server version: MySQL 5.7
Server OS: SUSE 12, CentOS 6.9
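
The cipher named in this report can be checked against Go's own TLS stack: crypto/tls implements no finite-field DHE key exchange, so a server restricted to DHE-RSA-AES256-SHA shares no cipher suite with a Go client. The sketch below is an added example, not the reporter's or the driver's code; the name table and the functions goSuiteID and pinnedConfig are constructed for illustration, and it assumes Go 1.14+ for tls.CipherSuites.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Constructed subset: OpenSSL names (as used in MySQL's ssl-cipher option)
// mapped to the IANA names that crypto/tls reports.
var opensslToIANA = map[string]string{
	"DHE-RSA-AES256-SHA":          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
	"AES256-SHA":                  "TLS_RSA_WITH_AES_256_CBC_SHA",
	"ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

// goSuiteID returns the crypto/tls suite ID for an OpenSSL cipher name, or
// false when Go's TLS stack does not implement that suite at all.
func goSuiteID(opensslName string) (uint16, bool) {
	iana, ok := opensslToIANA[opensslName]
	if !ok {
		return 0, false
	}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if s.Name == iana {
			return s.ID, true
		}
	}
	return 0, false
}

// pinnedConfig builds a client config restricted to a single suite.
// skipVerify mirrors the DSN's tls=skip-verify (no certificate validation).
func pinnedConfig(opensslName string, skipVerify bool) (*tls.Config, error) {
	id, ok := goSuiteID(opensslName)
	if !ok {
		return nil, fmt.Errorf("cipher %q is not implemented by crypto/tls", opensslName)
	}
	return &tls.Config{
		InsecureSkipVerify: skipVerify,
		MaxVersion:         tls.VersionTLS12, // CipherSuites does not apply to TLS 1.3
		CipherSuites:       []uint16{id},
	}, nil
}

func main() {
	for _, name := range []string{"DHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-GCM-SHA384"} {
		_, err := pinnedConfig(name, true)
		fmt.Println(name, "->", err)
	}
}
```

A config built this way can be registered with the driver through mysql.RegisterTLSConfig and selected with tls=<registered name> in the DSN, which allows InsecureSkipVerify and a custom suite list together.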