Can no longer connect to RDS MySQL after upgrading to Ubuntu 20.04 (rails)

Question

I am sometimes connecting to a remote MySQL hosted on AWS RDS.

But since I have upgraded to Ubuntu 20.04, ruby is no longer able to connect to RDS/MySQL

Getting this error.

SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol (Mysql2::Error::ConnectionError)
  /home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/mysql2-0.5.3/lib/mysql2/client.rb:90:in `connect'
  /home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/mysql2-0.5.3/lib/mysql2/client.rb:90:in `initialize'
  /home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/mysql2_adapter.rb:25:in `new'
  /home/mathieu/.rvm/rubies/ruby-2.5.8/lib/ruby/gems/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/mysql2_adapter.rb:25:in `mysql2_connection'

My first reflex was to delete the mysql2 gem and reintall it, so the C extension uses the currently installed openssl libraries and friend.

it did not worked, so I deleted all my installed rubies ( I am using rvm ) and I have reinstalled them.

And I am getting the same error on the command line, unless I disable SSL

$ mysql -u foo1mysql -p -h foo1mysql.us-east-1.rds.amazonaws.com foo1mysql_staging 
Enter password: 
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

$ mysql -u foo1mysql -p -h foo1mysql.rds.amazonaws.com foo1mysql --ssl-mode=disabled
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 20933
Server version: 5.6.41-log Source distribution

mysql> select count(*) from accounts;
+----------+
| count(*) |
+----------+
|       20 |
+----------+
1 row in set (0.37 sec)

mysql> ^DBye

$ mysql -u foo1mysql -p -h foo1mysql.rds.amazonaws.com foo1mysql --ssl-mode=required
Enter password: 
ERROR 2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
$ 

now I am looking at specify the ssl_mode=disabled via my config/database.yml but it would be better to have SSL enabled.

anyone else got into this issue? some parameter I can enable on RDS maybe?

Found this related question on serverfault https://serverfault.com/questions/1014747/cant-connect-to-remote-mysql-5-6-server-from-local-mysql-8-0-client-ssl-protoc

someone in a comment suggest I upgrade the MySQL server on the RDS instance. From 5.6.41 to 5.6.46, but apparently I can't because I am on m1.small and I can't move to t2.small or t3.small for some different RDS reason....

Answer 1

Turns out my RDS instance was indeed too old (Created in 2015) Although I had recently done the recent SSL CA forced upgrade. I could no longer connect.

I could not do a simple bump of MySQL revision because I was using m1.small which is too old. and switching to t3.small was not available in my availability region. and after having verified with their support, switching availability region is not possible.

so I did a snapshot. and I restored my snapshot into a t3.small after that, I could bump the mysql revision on my newly created instance.

problem solved.

small inconvenient, I needed to update the configuration everywhere this RDS was used and finally I killed the old one.