I get an SSL connection error: Unable to get private key

  • CA (this is an intermediate certificate) - ECDSA private key
  • SERVER-CERT from the CA - ECDSA private key
  • CLIENT-CERT from the CA - ECDSA private key

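I am establishing an SSL connection to a MySQL database using an ECDSA private key (client certificate) and certificate. The key has no passphrase (it is unencrypted).

To decrypt the private key: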

openssl ec -in db_key1.pem -out db_key.pem

The user is required to use SSL:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'secret' REQUIRE SSL;
FLUSH PRIVILEGES;

When I connect with the following command:

mysql --verbose  --ssl-ca=root.pem  --ssl-cert=db.pem --ssl-key=db_key.pem --host database --port 3306 -u ssluser -p

I get the following error:

ERROR 2026 (HY000): SSL connection error: Unable to get private key

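My initial guess was that the files did not have the proper permissions, so I assigned the files to mysql:mysql. But I still get the same error.

Does MySQL only support RSA, or does it also support ECDSA? Most of the documentation is based on RSA.

In the documentation, I can see that the following ciphers are supported.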

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-DSS-AES128-SHA
DHE-RSA-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
DHE-RSA-AES256-SHA
AES128-GCM-SHA256
DH-DSS-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
AES256-GCM-SHA384
DH-DSS-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
AES128-SHA256
DH-DSS-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
AES256-SHA256
DH-DSS-AES256-SHA256
ECDH-ECDSA-AES256-SHA384
AES128-SHA
DH-DSS-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES256-SHA
DH-DSS-AES256-SHA
ECDH-ECDSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DH-RSA-AES128-GCM-SHA256
ECDH-RSA-AES128-GCM-SHA256
DH-RSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
DH-RSA-AES128-SHA256
ECDH-RSA-AES128-SHA256
DH-RSA-AES256-SHA256
ECDH-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-DSS-AES128-SHA
DHE-RSA-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
DHE-RSA-AES256-SHA
AES128-SHA
DH-DSS-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES256-SHA
DH-DSS-AES256-SHA
ECDH-ECDSA-AES256-SHA
DH-RSA-AES128-SHA
ECDH-RSA-AES128-SHA
DH-RSA-AES256-SHA
ECDH-RSA-AES256-SHA
DES-CBC3-SHA

I tried setting --ssl-cipher='ECDHE-ECDSA-AES128-GCM-SHA256' in the mysql command.

Answer 1

It turned out that this is a bug/limitation of the MySQL server.
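
An added example, not part of the question or the answer: a Python check that reports, from the PEM armor alone, what kind of private key a file such as db_key.pem holds and whether it is still passphrase-protected, the two properties the question relies on. The function name `inspect_key_pem` is hypothetical and the sample blocks are constructed placeholders, not real keys.

```python
import re
import sys

# One PEM block: label, then everything up to the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Private-key labels and what each one says about the key inside.
KEY_LABELS = {
    "EC PRIVATE KEY": "ECDSA (SEC1)",
    "RSA PRIVATE KEY": "RSA (PKCS#1)",
    "PRIVATE KEY": "PKCS#8 (algorithm is inside the DER)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}

def inspect_key_pem(text):
    """Return (label, key_type, encrypted) for every private-key block."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        if label not in KEY_LABELS:
            continue  # skip e.g. EC PARAMETERS or CERTIFICATE blocks
        # Legacy OpenSSL encryption keeps the label and adds this header.
        legacy = "Proc-Type: 4,ENCRYPTED" in body
        encrypted = legacy or label == "ENCRYPTED PRIVATE KEY"
        found.append((label, KEY_LABELS[label], encrypted))
    return found

# Constructed samples: the base64 bodies are placeholders, not real keys.
ENCRYPTED_EC = """-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END EC PRIVATE KEY-----
"""
PLAIN_EC = """-----BEGIN EC PARAMETERS-----
Q09OU1RSVUNURUQ=
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END EC PRIVATE KEY-----
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as fh:
            for label, kind, enc in inspect_key_pem(fh.read()):
                state = "encrypted" if enc else "unencrypted"
                print(f"{path}: {label}: {kind}, {state}")
```

Run against the file passed to --ssl-key, an empty result means the file contains no private-key block at all, and a PKCS#8 label means the key algorithm cannot be told from the armor.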
