My Redash v7 server can't connect to Amazon RDS MySQL 8.0.28. The error says "SSL connection error: unknown error number". How can I solve this?
The server is running on Docker. Its image is redash/redash:7.0.0.b18042.
I tried replacing ca certificates file to https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem but it didn't work.
Here's the Python script reproduces the error. Run this file on a Redash v7 container and you can see the error message.
import MySQLdb
ssl_params = {'ca': '/app/redash/query_runner/files/rds-combined-ca-bundle.pem'}
connection = MySQLdb.connect(host='<snip>',
user='<snip>',
passwd='<snip>',
db='<snip>',
port=3306,
charset='utf8',
use_unicode=True,
ssl=ssl_params,
connect_timeout=60)
cursor = connection.cursor()
cursor.execute('select count(1) from users')
data = cursor.fetchall()
print(data)
$ python example.py
Traceback (most recent call last):
File "example.py", line 13, in <module>
connect_timeout=60)
File "/usr/local/lib/python2.7/dist-packages/MySQLdb/__init__.py", line 81, in Connect
return Connection(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/MySQLdb/connections.py", line 193, in __init__
super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.OperationalError: (2026, 'SSL connection error: unknown error number')
This error doesn't occur on a Redash v10 container but upgrading to v10 is not an option for now.
I found a workaround by myself.
Upgrading libmysqlclient20 package solved my issue.
libmysqlclient20 package in redash/redash:7.0.0.b18042 image are statically linked to yaSSL which doesn't support TLS v1.2+.
Upgraded libmysqlclient20 package are compiled using OpenSSL which supports TLS v1.2+.
MySQL 8.0.28 dropped support for TLS v1.1. That's why I need the latest libmysqlclient20.
SEE ALSO: https://dev.mysql.com/doc/refman/5.7/en/ssl-libraries.html