MySqlConnector: .NET 5.0 TLS Errors

When upgrading to .NET 5.0 on Linux and connecting to Aurora (v5.7), we’re getting an OpenSslCryptographicException.

This occurs due to the default TLS cipher suites changing on .NET 5.0 Linux. It can be fixed by providing a custom CipherSuitesPolicy with a less restrictive cipher set.

This is a request to be able to configure the CipherSuitesPolicy (directly, or via a connection string) on .NET 5.0.

Stack Trace

OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
AuthenticationException: Authentication failed, see inner exception.
MySqlException: SSL Authentication Error

.NET Breaking Changes Notes

Default TLS cipher suites for .NET on Linux
.NET, on Linux, now respects the OpenSSL configuration for default cipher suites when doing TLS/SSL via the SslStream class or higher-level operations, such as HTTPS via the HttpClient class. When default cipher suites aren't explicitly configured, .NET on Linux uses a tightly restricted list of permitted cipher suites.

Change description
In previous .NET versions, .NET does not respect system configuration for default cipher suites. The default cipher suite list for .NET on Linux is very permissive.

Starting in .NET 5.0, .NET on Linux respects the OpenSSL configuration for default cipher suites when it's specified in openssl.cnf. When cipher suites aren't explicitly configured, the only permitted cipher suites are as follows:

TLS 1.3 cipher suites
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Since this fallback default doesn't include any cipher suites that are compatible with TLS 1.0 or TLS 1.1, these older protocol versions are effectively disabled by default.

Supplying a CipherSuitesPolicy value to SslStream for a specific session will still replace the configuration file content and/or .NET fallback default.

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 23 (19 by maintainers)

Most upvoted comments

In practice, the connection string may not be too verbose; only one (mutually supported) cipher suite needs to be listed in order to establish a connection. That is, the minimal Aurora connection string (for .NET 5.0 on Linux) might just be: Server=server.region.rds.amazonaws.com;User Id=user;Password=***;CACertificateFile=/rds-combined-ca-bundle.pem;TlsCipherSuites=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.

So I’m inclined to just go with that (and not implement TlsCipherSuiteFile).
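As an added illustration (not MySqlConnector's code, nor the commenter's) of the CipherSuitesPolicy override from the issue body and the TlsCipherSuites option from the comment above, the following parses a TlsCipherSuites value into a CipherSuitesPolicy and reports which suites the .NET 5 Linux fallback default would not have offered. It assumes the value is a comma-separated list of IANA suite names; the separator MySqlConnector actually accepts is not stated on this page.

```csharp
// Added example, not MySqlConnector or issue-author code. Linux only: CipherSuitesPolicy
// is OpenSSL-backed and its constructor throws PlatformNotSupportedException elsewhere.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Security;

static class CipherSuiteCheck
{
    // The restrictive fallback default quoted from the .NET 5.0 breaking-change note.
    static readonly HashSet<TlsCipherSuite> Net5FallbackDefault = new()
    {
        TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
        TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    };

    // Parse a TlsCipherSuites value (assumed comma-separated IANA names). Unknown names are
    // returned, not dropped: an empty policy reproduces the "no ciphers available" failure.
    public static (List<TlsCipherSuite> Suites, List<string> Unknown) Parse(string value)
    {
        var suites = new List<TlsCipherSuite>();
        var unknown = new List<string>();
        foreach (var name in value.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
        {
            if (Enum.TryParse<TlsCipherSuite>(name, ignoreCase: true, out var suite)) suites.Add(suite);
            else unknown.Add(name);
        }
        return (suites, unknown);
    }

    static void Main(string[] args)
    {
        // Constructed input: the single suite from the minimal Aurora connection string above.
        var (suites, unknown) = Parse(args.Length > 0 ? args[0] : "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
        foreach (var name in unknown) Console.Error.WriteLine($"unknown cipher suite name: {name}");
        foreach (var s in suites)
            Console.WriteLine($"{s}: {(Net5FallbackDefault.Contains(s) ? "already in the .NET 5 fallback default" : "needs an explicit CipherSuitesPolicy")}");
        if (suites.Count == 0) return;
        // The policy is what SslClientAuthenticationOptions.CipherSuitesPolicy hands to SslStream;
        // it replaces both openssl.cnf and the fallback default for that session.
        var policy = new CipherSuitesPolicy(suites);
        Console.WriteLine($"policy allows {policy.AllowedCipherSuites.Count()} suite(s)");
    }
}
```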

Are you connecting to Aurora, or to a privately-hosted MySQL Server?

SSL routines:ssl_cipher_list_to_bytes:no ciphers available

AFAICT, the connection is failing because your client can’t negotiate a secure connection. Check the MySQL Manual on how to configure this: https://dev.mysql.com/doc/refman/5.6/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-negotiation

If you can establish a secure connection with some other client (e.g., MySQL Workbench) execute SHOW SESSION STATUS LIKE 'Ssl_cipher'; to see the cipher it’s using, then try to use that in your connection string.

@RyanGhd This is now available on NuGet in 1.2.0.

@bgrainger I’m experiencing the same issue but connecting to Aurora MySQL 5.6 which only supports TLS v1.0. Trying to figure out which cipher suite to include (currently in the openssl.cnf file) I have tried the cipher suite you mention (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384=DHE-RSA-AES256-GCM-SHA384) but it seems it is specific to TLS 1.2.

I’m not sure how to find the correct one (can’t find anything useful in AWS doc)… Do you know which one applies here? And how/where to find this info?

Thanks in advance

UPDATE: I have now provisioned a test Aurora MySQL 5.7 cluster and validated that the above works properly with 5.7… No luck on 5.6… Is .NET 5.0 no longer compatible with TLS 1.0? Didn’t see anything about it… Also I looked at my Aurora 5.6 server Ssl_cipher_list session variable and it includes DHE-RSA-AES256-GCM-SHA384.

UPDATE 2: I have figured it out… It was not really intuitive but I had to raise the Min TLS version to TLSv1.2 in the openssl.cnf file (I think this is so the list of cipher suites can apply). Then I had to explicitly set the TlsVersion to TLSv1.0 in the MySQL connection string since Aurora MySQL 5.6 supports only 1.0… OUCH!! But it works!

I can release a non-beta version to NuGet soon (if you can’t pull it from GHPR).

Works, and in production now. Thanks again for the thoughtfulness you put into this!