Hi,
We are encountering a "The handshake failed due to an unexpected packet format." error on a customer DMA which seems to be caused by an SSL/TLS issue.
Their setup consists of a master server that is used in production and a slave server that replicates the master server for testing. The element is using the Generic Database driver and is connecting to their MySQL database. Connections from the MySQL workbench and client to both the master and slave server are working fine. The DMA element is able to run queries on the slave server but the "handshake failed" issue occurs on the master server. The master and slave both support TLSv1.2 and older versions. A workaround is to explicitly disable SSL by setting "SSL Mode=None" in the connection string. Then queries are able to execute on the master server but this does not solve the root problem.
When connecting from the MySQL client, the following cipher is used:
Master server: DHE-RSA-AES128-GCM-SHA256
Slave server: ECDHE-RSA-AES128-GCM-SHA256
The slave server has the following SSL connection when polled from inside the DMA element:
SSL cipher: ECDHE-RSA-AES256-SHA
TLS version: TLSv1.1
The driver is using SLDatabase.dll which is using MySql.Data version 6.9.12.0 and that is part of MySQL Connector/NET.
Page https://dev.mysql.com/doc/connector-net/en/connector-net-versions.html mentions that
"Secure connections using the TLSv1.2 protocol require Connector/NET 8.0.11 or later."
Could it be that the master configuration of the customer somehow forces the DMA to use TLSv1.2 and that this is not supported by the MySQL Connector?
After investigating Wireshark traces, it looks like the Master server does not support TLSv1.1 or any of the ciphers the client (DMA) supports because the Master server immediately sends a TCP reset message after receiving the Client Hello message.
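The check described above can be repeated on the raw Client Hello bytes copied from a capture. The following is an added example, not part of the original thread or of any product mentioned in it: it parses a TLS Client Hello record, lists the offered version and cipher suites, and intersects them with what the server accepts. The function names, the sample bytes and the `MASTER_ACCEPTS` set are assumptions made for illustration.

```python
import struct

# IANA cipher suite IDs -> OpenSSL names as quoted in the thread.
SUITES = {
    0x009E: "DHE-RSA-AES128-GCM-SHA256",
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256",
    0xC014: "ECDHE-RSA-AES256-SHA",
}
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def parse_client_hello(record: bytes) -> dict:
    """Extract client_version and offered cipher suites from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = int.from_bytes(hello[0:2], "big")  # highest version offered (pre-TLS 1.3)
    pos = 34                                     # skip version (2) + random (32)
    pos += 1 + hello[pos]                        # skip session_id
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("malformed cipher_suites vector")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {"version": VERSIONS.get(version, hex(version)), "suites": suites}


def common_suites(hello: dict, server_accepts: set) -> list:
    """Names of suites both sides list; empty means no suite can be negotiated."""
    return [SUITES.get(s, hex(s)) for s in hello["suites"] if s in server_accepts]


def build_hello(version: int, suites: list) -> bytes:
    """Constructed sample ClientHello (zero random, no extensions)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


# Constructed input: a TLSv1.1 client offering only the CBC suite seen on the slave.
SAMPLE = build_hello(0x0302, [0xC014])
# Assumption: the master accepts only the suite the MySQL client negotiated with it.
MASTER_ACCEPTS = {0x009E}

if __name__ == "__main__":
    info = parse_client_hello(SAMPLE)
    print(info["version"], common_suites(info, MASTER_ACCEPTS))
```

To use it on a real trace, replace `SAMPLE` with the TLS record bytes of the Client Hello and `MASTER_ACCEPTS` with the suites the server is actually configured for.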
Hi,
Do you happen to have access to Wireshark traces? This can be useful to see why the handshake fails. Please feel free to contact me directly to follow up on this.
kr,