Solving the Enigmatic MariaDB 11 Error: “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it”
Image by Nicostratus - hkhazo.biz.id

Solving the Enigmatic MariaDB 11 Error: “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it”

By Posted on
Table of Contents
  1. Understanding the Error: A Brief Background
  2. Prerequisites: Ensuring a Smooth Resolution
  3. Step 1: Verify the Server Configuration
  4. Step 2: Configure SSL/TLS Encryption on the Server
  5. Step 3: Configure the Client to Use SSL/TLS Encryption
  6. Conclusion
  7. Additional Tips and Considerations

A Comprehensive Guide to Overcoming the TLS/SSL Conundrum When Connecting to MariaDB 10.4 with MariaDB 11 (also MySQL)

Are you perplexed by the mysterious error message “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it” when attempting to connect to MariaDB 10.4 using MariaDB 11 (or MySQL)? Fear not, dear reader, for you have stumbled upon the ultimate solution to this cryptographic conundrum. In this exhaustive guide, we will delve into the root cause of this error, explore the necessary prerequisites, and provide step-by-step instructions to rectify this issue once and for all.

Understanding the Error: A Brief Background

The error “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it” arises when the client, in this case, MariaDB 11 (or MySQL), attempts to establish a secure connection to the MariaDB 10.4 server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption. However, the server does not support this encryption, leading to the error.

Prerequisites: Ensuring a Smooth Resolution

Before we embark on the solution, make sure you have the following:

  • MariaDB 11 (or MySQL) installed and configured on the client machine.
  • MariaDB 10.4 installed and configured on the server machine.
  • Root or administrative access to both the client and server machines.
  • A basic understanding of command-line interfaces and MySQL commands.

Step 1: Verify the Server Configuration

To begin, let’s inspect the server configuration to identify the root cause of the issue. Connect to the MariaDB 10.4 server using the command-line client:

mysql -h  -u  -p

In the MySQL prompt, execute the following command to check the SSL/TLS encryption status:

SHOW VARIABLES LIKE '%ssl%';

The output should resemble the following:

Variable_name Value
have_ssl DISABLED
have_tls DISABLED
ssl_ca
ssl_capath
ssl_cert
ssl_crl
ssl_crlpath
ssl_key

As you can see, the `have_ssl` and `have_tls` variables are set to `DISABLED`, indicating that the server does not support SSL/TLS encryption.

Step 2: Configure SSL/TLS Encryption on the Server

To enable SSL/TLS encryption on the MariaDB 10.4 server, follow these steps:

  1. Generate the necessary SSL/TLS certificates:
    2. openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/mysql/ssl-cert/server.key -out /etc/mysql/ssl-cert/server.crt -days 365 -subj "/C=US/ST=State/L=Locality/O=Organization/CN=server_hostname"
  2. Create a configuration file for the SSL/TLS settings:
    3. sudo nano /etc/mysql/mariadb.conf.d/ssl.cnf

    Add the following lines to the file:

    [server]
ssl_cert = /etc/mysql/ssl-cert/server.crt
ssl_key = /etc/mysql/ssl-cert/server.key
ssl_ca = /etc/mysql/ssl-cert/ca.crt
ssl_capath = /etc/mysql/ssl-cert/
  3. Restart the MariaDB 10.4 server:
    4. sudo systemctl restart mariadb
  4. Verify the SSL/TLS encryption status:
    5. mysql -h  -u  -p -e "SHOW VARIABLES LIKE '%ssl%'"

    The output should now display `ENABLED` for the `have_ssl` and `have_tls` variables:


    Variable_name Value
    have_ssl ENABLED
    have_tls ENABLED

    Step 3: Configure the Client to Use SSL/TLS Encryption

    Now that the server is configured to support SSL/TLS encryption, let’s modify the client configuration to utilize this encryption:

    mysql -h  -u  -p --ssl-ca=/etc/mysql/ssl-cert/ca.crt --ssl-cert=/etc/mysql/ssl-cert/client.crt --ssl-key=/etc/mysql/ssl-cert/client.key

    Replace `/etc/mysql/ssl-cert/` with the actual path to your SSL/TLS certificates.

    Conclusion

    By following these comprehensive steps, you should now be able to successfully connect to the MariaDB 10.4 server using MariaDB 11 (or MySQL) without encountering the “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it” error. Remember to adapt the configuration files and paths according to your specific environment.

    In conclusion, this tutorial has provided a thorough guide to resolving the TLS/SSL conundrum when connecting to MariaDB 10.4 using MariaDB 11 (or MySQL). By understanding the error, configuring the server to support SSL/TLS encryption, and modifying the client to utilize this encryption, you have successfully overcome this hurdle and ensured a secure connection between your client and server.

    Additional Tips and Considerations

    For added security, consider implementing the following:

  • Use a secure password for the MariaDB 10.4 server.
  • Regularly update your SSL/TLS certificates to maintain their validity.
  • Implement a firewall to restrict access to the MariaDB 10.4 server.
  • Monitor your server logs for suspicious activity.

By following these best practices, you will have a robust and secure environment for your MariaDB 10.4 server and client connections.

Happy connecting!

Frequently Asked Question

Get the inside scoop on resolving the pesky “CLI ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it” issue when connecting to MariaDB 10.4 with MariaDB 11 (also MySQL)!

This error occurs when the client (MariaDB 11) tries to establish a secure connection with the server (MariaDB 10.4) using SSL/TLS, but the server doesn’t support it or has SSL/TLS disabled. This mismatch in configuration leads to the error.

Is this error specific to MariaDB 11, or can it occur with other versions as well?

No, this error is not exclusive to MariaDB 11. Any client version that has SSL/TLS enabled by default can encounter this issue when connecting to a server that doesn’t support SSL/TLS, including MySQL clients.

How do I fix this error without disabling SSL/TLS on the client-side?

To resolve this issue, you can either enable SSL/TLS on the MariaDB 10.4 server or use the `–ssl-mode=DISABLED` option when connecting to the server from the MariaDB 11 client. This will allow the connection to proceed without SSL/TLS.

What are the risks of disabling SSL/TLS on the client-side or server-side?

Disabling SSL/TLS can expose your data to interception and eavesdropping, potentially leading to security breaches. It’s essential to weigh the risks and consider enabling SSL/TLS on both the client and server to ensure secure data transmission.

Are there any other solutions or workarounds for this error?

Yes, you can also consider upgrading the MariaDB 10.4 server to a version that supports SSL/TLS, using a different client library that doesn’t require SSL/TLS, or implementing other security measures, such as IP whitelisting or firewall rules, to restrict access to the server.