prisma: sslaccept=accept_invalid_certs not working with mysql server 8.0.30

Bug description

After upgrading my MySQL server to 8.0.30, prisma is no longer able to connect.

Error querying the database: Server error: ERROR 08S01 (1043): Bad handshake'

How to reproduce

Deploy a MySQL server with version 8.0.30
Add ?sslaccept=accept_invalid_certs to your DATABASE_URL

Expected behavior

No response

Prisma information

Environment & setup

Database: MySQL 8.0.30
Node.js version: 16.13.0

Prisma Version

prisma                  : 4.2.1
@prisma/client          : 4.2.1
Current platform        : darwin
Query Engine (Node-API) : libquery-engine 2920a97877e12e055c1333079b8d19cee7f33826 (at node_modules/prisma/node_modules/@prisma/engines/libquery_engine-darwin.dylib.node)
Migration Engine        : migration-engine-cli 2920a97877e12e055c1333079b8d19cee7f33826 (at node_modules/prisma/node_modules/@prisma/engines/migration-engine-darwin)
Introspection Engine    : introspection-core 2920a97877e12e055c1333079b8d19cee7f33826 (at node_modules/prisma/node_modules/@prisma/engines/introspection-engine-darwin)
Format Binary           : prisma-fmt 2920a97877e12e055c1333079b8d19cee7f33826 (at node_modules/prisma/node_modules/@prisma/engines/prisma-fmt-darwin)
Default Engines Hash    : 2920a97877e12e055c1333079b8d19cee7f33826
Studio                  : 0.469.0

About this issue

Original URL
State: closed
Created 2 years ago
Reactions: 4
Comments: 20 (8 by maintainers)

Most upvoted comments

@Jolg42 Any intention on fixing this in an upcoming release?

Marcdj-02 on Feb 12, 2023

I could reproduce on Google Cloud SQL with MySQL v8.0.30+ and locally with
version: "3.7"
services:
  mysql803:
    image: mysql:8.0.30
	# This does not change anything
    # command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=tests
      - MYSQL_USER=prisma
    ports:
      - "3306:3306"
.env
DATABASE_URL="mysql://root:root@localhost:3306/16886?sslaccept=accept_invalid_certs"
With Prisma versions, 4.6.1, 4.7.1, 4.8.0. Example with prisma db push (it also errors with Prisma Client)
npx prisma db push
Environment variables loaded from prisma/.env
Prisma schema loaded from prisma/schema.prisma
Datasource "db": MySQL database "16886" at "34.89.164.209:3306"

Error: Migration engine error:
Bad handshake
Removing sslaccept=accept_invalid_certs makes this error disappear.

Release notes of MySQL 8.0.30 https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-30.html

Important Change: For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated to version 1.1.1o. Issues fixed in OpenSSL version 1.1.1o are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html. (Bug #34133985)

Release notes of MySQL 8.0.31 https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html

Important Change: For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated to version 1.1.1q. Issues fixed in OpenSSL version 1.1.1q are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html. (Bug #34414695)

MySQL 8.0 error reference https://downloads.mysql.com/docs/mysql-errors-8.0-en.pdf

Error number: 1043; Symbol: ER_HANDSHAKE_ERROR; SQLSTATE: 08S01 Message: Bad handshake

Hi @Jolg42 May I ask if we have any plan to fix this bug?

WY-S on Feb 6, 2023

@janpio thanks for following up, confirmed 4.11 fixes my issue

nalham on Apr 23, 2023

I can confirm that the prior reproduction from @Jolg42 does not fail any more with prisma@4.11.0-dev.51 (but did with prisma@4.10.1).

So this should now be fixed in our dev version which you can install via npm install prisma@dev @prisma/client@dev. Regenerate your Prisma Client and try again - and it should work. Would be very helpful if some of you could confirm this is indeed working now. Thanks!

janpio on Feb 24, 2023

Same problem here with ?sslaccept=strict after creating a database on Azure and trying to connect, did exactly the same last week without trouble.

The connexion work with mysql cli

And I was able to restore data from the database, sounds more like a prisma issue no ?

GuillaumeSarfati on Feb 15, 2023

Might be related: https://github.com/prisma/prisma/issues/15641 Same error, same MySQL version, and also trying to connect via SSL (with custom cert however).

P4sca1 on Nov 4, 2022