MySQL SSL encrypted connection can't be established by using < mysql-5.7.6 as server and >=openssl-1.0.1n on the client site by using Diffie-Hellman related ciphers. Reason for this is the minimum DH parameters size of 768 bits, which has been implemented in openssl-1.0.1n. <mysql-5.7.6 is using hard coded 512 bit (vio/viosslfactories.c) DH parameter which will not be accepted by client. Error: SSL connection error: error:00000001:lib(0):func(0):reason(1) Related links: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-6.html https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes Workaround: # /etc/mysql/my.cnf [mysql] ssl-cipher = DEFAULT:!DH [mysqld] ssl-cipher = DEFAULT:!DH
This should be fixed in the next version of 5.5 and 5.6 series, whenever they are released.
Fixed with versions 5.5.45 and 5.6.26