Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

SSL/TLS Handshake failed for MySQL queries

Solved1.68K views5th July 2023MySQL ssl SSL-TLS
3
Matthias Neirinck [SLC] [DevOps Enabler]76 17th May 2023 1 Comment

Hi,
We are encountering a “The handshake failed due to an unexpected packet format.” error on a customer DMA which seems to be caused by an SSL/TLS issue.

Their setup consists of a master server that is used in production and slave server that replicates the master server for testing. The element is using the Generic Database driver and is connecting to their MySQL database. Connections from the MySQL workbench and client to both the master and slave server are working fine. The DMA element is able to run queries on the slave server but the “handshake failed” issue occurs on the master server. The master and slave both support TLSv1.2 and older versions. A workaround is to explicitly disable SSL by setting “SSL Mode=None” in the connection string. Then queries are able to execute on the master server but this does not solve the root problem.

When connecting from the MySQL client, the following cipher is used:
Master server: DHE-RSA-AES128-GCM-SHA256
Slave server: ECDHE-RSA-AES128-GCM-SHA256

The slave server has the following SSL connection when polled from inside the DMA element:
SSL cipher: ECDHE-RSA-AES256-SHA
TLS version: TLSv1.1

The driver is using SLDatabase.dll which is using MySql.Data version 6.9.12.0 and that is part of MySQL Connector/NET.
Page https://dev.mysql.com/doc/connector-net/en/connector-net-versions.html mentions that
“Secure connections using the TLSv1.2 protocol require Connector/NET 8.0.11 or later.”

Could it be that the master configuration of the customer somehow forces the DMA to use TLSv1.2 and that this is not supported by the MySQL Connector?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 5th July 2023
Seppe Dejonckheere [SLC] [DevOps Advocate] commented 17th May 2023

Hi,
Do you happen to have access to wireshark traces? This can be usefull to see why the handshake fails. Please feel free to contact me directly to follow up on this.

kr,

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
1
Seppe Dejonckheere [SLC] [DevOps Advocate]2.26K Posted 17th May 2023 0 Comments

After investigating wireshark traces, it looks like the Master server does not support TLSv1.1 or any of the ciphers the client (DMA) supports because the Master server immediately sends a TCP reset message after receiving the Client Hello message.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 5th July 2023
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs